Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1520644
MD5:	0013399a6a9ab2e3fb25451ed658daa1
SHA1:	77731500657e6658c6d1b4d09de3fae4f756efef
SHA256:	0646980e8e68974948861e60bd4497d17464da101ec697241ba8ea96d86d22c6
Tags:	exex64user-jstrosch
Infos:

Detection

CredGrabber, Meduza Stealer

Score:	88
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Suricata IDS alerts for network traffic

Yara detected CredGrabber

Yara detected Meduza Stealer

AI detected suspicious sample

Found many strings related to Crypto-Wallets (likely being stolen)

Machine Learning detection for sample

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to dynamically determine API calls

Contains functionality to query locales information (e.g. system language)

Contains functionality to record screenshots

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Queries time zone information

Terminates after testing mutex exists (may check infected machine status)

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Classification

Process Tree

System is w10x64

file.exe (PID: 6776 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 0013399A6A9AB2E3FB25451ED658DAA1)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author	Strings
Process Memory Space: file.exe PID: 6776	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
Process Memory Space: file.exe PID: 6776	JoeSecurity_CredGrabber	Yara detected CredGrabber	Joe Security

Suricata Signatures

ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T17:51:15.562012+0200	2049441	1	A Network Trojan was detected	192.168.2.4	49730	176.124.204.206	15666	TCP

ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T17:51:15.562012+0200	2050806	1	A Network Trojan was detected	192.168.2.4	49730	176.124.204.206	15666	TCP
2024-09-27T17:51:15.571111+0200	2050806	1	A Network Trojan was detected	192.168.2.4	49730	176.124.204.206	15666	TCP

ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-27T17:51:15.562012+0200	2050807	1	A Network Trojan was detected	192.168.2.4	49730	176.124.204.206	15666	TCP
2024-09-27T17:51:15.571111+0200	2050807	1	A Network Trojan was detected	192.168.2.4	49730	176.124.204.206	15666	TCP

Code function: 0_2_00007FF67A3E8A50 InternetOpenA,InternetOpenUrlA,HttpQueryInfoW,HttpQueryInfoW,InternetQueryDataAvailable,InternetReadFile,InternetQueryDataAvailable,InternetCloseHandle,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,

0_2_00007FF67A3E8A50

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; */*Host: api.ipify.orgCache-Control: no-cache

Source: global traffic

DNS traffic detected: DNS query: api.ipify.org

Source: file.exe, 00000000.00000003.1959673962.000002653F684000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807857552.000002653F671000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1959468011.000002653F680000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1959429528.000002653F680000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.microsoft.t/Regi
Source: file.exe, 00000000.00000002.1960242626.000002653CD8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org
Source: file.exe, 00000000.00000002.1960242626.000002653CD8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org/
Source: file.exe, 00000000.00000002.1960242626.000002653CD8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org/i
Source: file.exe, 00000000.00000002.1960242626.000002653CD8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org3S4
Source: file.exe, 00000000.00000002.1960242626.000002653CD8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.orgCSD
Source: file.exe, 00000000.00000003.1822746717.000002653FA17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: file.exe, 00000000.00000003.1822746717.000002653FA17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: file.exe, 00000000.00000003.1811211841.000002653F9B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000003.1822746717.000002653FA17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: file.exe, 00000000.00000003.1822746717.000002653FA17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000003.1822746717.000002653FA17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: file.exe, 00000000.00000003.1819856920.0000026540151000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1816063856.000002653FA5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1817503166.000002653ECC8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1817503166.000002653ECC0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1816063856.000002653FAC6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1817293847.000002653FACE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1816063856.000002653FA53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org
Source: file.exe, 00000000.00000003.1816063856.000002653FA63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: file.exe, 00000000.00000003.1816063856.000002653FA63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: file.exe, 00000000.00000003.1812096057.000002653F95B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812116653.000002653FA03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1811041441.000002653FA03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1811602481.000002653FA03000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: file.exe, 00000000.00000003.1811041441.000002653F9DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1811211841.000002653F978000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1811407388.000002653CE0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
Source: file.exe, 00000000.00000003.1812096057.000002653F95B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812116653.000002653FA03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1811041441.000002653FA03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1811602481.000002653FA03000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: file.exe, 00000000.00000003.1811041441.000002653F9DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1811211841.000002653F978000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1811407388.000002653CE0E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
Source: file.exe, 00000000.00000003.1822746717.000002653FA17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: file.exe, 00000000.00000003.1822746717.000002653FA17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: file.exe, 00000000.00000003.1819856920.0000026540151000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1816063856.000002653FA5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1817503166.000002653ECC8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1817503166.000002653ECC0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1816063856.000002653FAC6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1817293847.000002653FACE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1816063856.000002653FA53000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000003.1816063856.000002653FA63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: file.exe, 00000000.00000003.1816063856.000002653FA63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: file.exe, 00000000.00000003.1816063856.000002653FAD6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1817815572.000002653FB98000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1817503166.000002653ECCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1816063856.000002653FA63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000003.1816063856.000002653FA63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.1816063856.000002653FAD6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1817815572.000002653FB98000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1817503166.000002653ECCF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1816063856.000002653FA63000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443

Source: unknown

HTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.4:49731 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF67A3E9310 GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,GetDeviceCaps,GetDeviceCaps,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SHCreateMemStream,SelectObject,DeleteDC,ReleaseDC,DeleteObject,EnterCriticalSection,LeaveCriticalSection,GetObjectW,IStream_Size,IStream_Reset,IStream_Read,SelectObject,DeleteDC,ReleaseDC,DeleteObject,DeleteObject,EnterCriticalSection,EnterCriticalSection,GdiplusShutdown,LeaveCriticalSection,LeaveCriticalSection,_invalid_parameter_noinfo_noreturn,

0_2_00007FF67A3E9310

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3EDD50 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,_invalid_parameter_noinfo_noreturn,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,		0_2_00007FF67A3EDD50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3ED610 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,		0_2_00007FF67A3ED610

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A390BD0	0_2_00007FF67A390BD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A39EC50	0_2_00007FF67A39EC50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A409D08	0_2_00007FF67A409D08
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A39C9C0	0_2_00007FF67A39C9C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3C1A80	0_2_00007FF67A3C1A80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3F0A90	0_2_00007FF67A3F0A90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3E8A50	0_2_00007FF67A3E8A50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3EBA60	0_2_00007FF67A3EBA60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3BBAF0	0_2_00007FF67A3BBAF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3E9FB0	0_2_00007FF67A3E9FB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3A40B0	0_2_00007FF67A3A40B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3F00A8	0_2_00007FF67A3F00A8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3EADB0	0_2_00007FF67A3EADB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3E1F20	0_2_00007FF67A3E1F20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3E3360	0_2_00007FF67A3E3360
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A406504	0_2_00007FF67A406504
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A39D510	0_2_00007FF67A39D510
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3BE4E0	0_2_00007FF67A3BE4E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A41C138	0_2_00007FF67A41C138
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3F2150	0_2_00007FF67A3F2150
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3E8210	0_2_00007FF67A3E8210
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3E9310	0_2_00007FF67A3E9310
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3912C0	0_2_00007FF67A3912C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3D77F0	0_2_00007FF67A3D77F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A39E5A0	0_2_00007FF67A39E5A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3ACB90	0_2_00007FF67A3ACB90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A41EB50	0_2_00007FF67A41EB50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A408C2C	0_2_00007FF67A408C2C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3CDBD0	0_2_00007FF67A3CDBD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A423BC0	0_2_00007FF67A423BC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A407CAC	0_2_00007FF67A407CAC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3D3CC0	0_2_00007FF67A3D3CC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3FE9A4	0_2_00007FF67A3FE9A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3DF9C0	0_2_00007FF67A3DF9C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3F49BA	0_2_00007FF67A3F49BA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A399A59	0_2_00007FF67A399A59
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A401B14	0_2_00007FF67A401B14
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3FDAC4	0_2_00007FF67A3FDAC4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A409F84	0_2_00007FF67A409F84
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3CCF60	0_2_00007FF67A3CCF60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3B6F70	0_2_00007FF67A3B6F70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A41EFD0	0_2_00007FF67A41EFD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3D8FD0	0_2_00007FF67A3D8FD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3EE0A0	0_2_00007FF67A3EE0A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3FE10C	0_2_00007FF67A3FE10C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3660C0	0_2_00007FF67A3660C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3B00ED	0_2_00007FF67A3B00ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A391D4E	0_2_00007FF67A391D4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3EDD50	0_2_00007FF67A3EDD50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3D6D70	0_2_00007FF67A3D6D70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A39AE00	0_2_00007FF67A39AE00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3FBE00	0_2_00007FF67A3FBE00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3CFE50	0_2_00007FF67A3CFE50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A410E74	0_2_00007FF67A410E74
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3BAF00	0_2_00007FF67A3BAF00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3CDF00	0_2_00007FF67A3CDF00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A397ED0	0_2_00007FF67A397ED0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A39BEE0	0_2_00007FF67A39BEE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3D4EF0	0_2_00007FF67A3D4EF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3AE419	0_2_00007FF67A3AE419
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A4083D8	0_2_00007FF67A4083D8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A366480	0_2_00007FF67A366480
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3FE49C	0_2_00007FF67A3FE49C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A40A50C	0_2_00007FF67A40A50C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3AC4E0	0_2_00007FF67A3AC4E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3D0180	0_2_00007FF67A3D0180
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A40717C	0_2_00007FF67A40717C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3C5220	0_2_00007FF67A3C5220
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3CD260	0_2_00007FF67A3CD260
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3D8270	0_2_00007FF67A3D8270
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3E12F0	0_2_00007FF67A3E12F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3E6783	0_2_00007FF67A3E6783
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3877B0	0_2_00007FF67A3877B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3E2750	0_2_00007FF67A3E2750
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A389760	0_2_00007FF67A389760
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3E6773	0_2_00007FF67A3E6773
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A386770	0_2_00007FF67A386770
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3CF820	0_2_00007FF67A3CF820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3CD8B0	0_2_00007FF67A3CD8B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A366900	0_2_00007FF67A366900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3FD8DC	0_2_00007FF67A3FD8DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3918F0	0_2_00007FF67A3918F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3CD590	0_2_00007FF67A3CD590
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3C9600	0_2_00007FF67A3C9600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3DF620	0_2_00007FF67A3DF620
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3D0616	0_2_00007FF67A3D0616
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A40762C	0_2_00007FF67A40762C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3E45D0	0_2_00007FF67A3E45D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3D66D0	0_2_00007FF67A3D66D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3FD6F4	0_2_00007FF67A3FD6F4

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FF67A396990 appears 41 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FF67A38D510 appears 63 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FF67A391D20 appears 56 times

Source: classification engine

Classification label: mal88.troj.spyw.winEXE@1/0@1/2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF67A39E5A0 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,

0_2_00007FF67A39E5A0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF67A3CF820 CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,SysAllocStringByteLen,SysFreeString,SysAllocStringByteLen,SysFreeString,SysStringByteLen,SysFreeString,SysFreeString,SysStringByteLen,SysFreeString,SysFreeString,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,

0_2_00007FF67A3CF820

Source: C:\Users\user\Desktop\file.exe

Mutant created: \Sessions\1\BaseNamedObjects\Mmm-A33C734061CA11EE8C18806E6F6E69639C5D69E2

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe	String found in binary or memory: --help
Source: file.exe	String found in binary or memory: --help
Source: file.exe	String found in binary or memory: --help
Source: file.exe	String found in binary or memory: --help
Source: file.exe	String found in binary or memory: ipportgrabber_max_sizeextensionslinksbuild_nameself_destructtype must be boolean, but is type must be number, but is 0123456789ABCDEFntdll.dllFile DownloaderabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;'runasopen bad variant accessfalsetrueBad any_cast[VAR... , [default: [required][nargs: or more] ..[nargs= to or more provided. argument(s) expected. : required.: no value provided.-=--help-hshows help message and exits--version-vprints version information and exitsNo such argument:
Source: file.exe	String found in binary or memory: ipportgrabber_max_sizeextensionslinksbuild_nameself_destructtype must be boolean, but is type must be number, but is 0123456789ABCDEFntdll.dllFile DownloaderabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;'runasopen bad variant accessfalsetrueBad any_cast[VAR... , [default: [required][nargs: or more] ..[nargs= to or more provided. argument(s) expected. : required.: no value provided.-=--help-hshows help message and exits--version-vprints version information and exitsNo such argument:

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: file.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: file.exe

Static file information: File size 1117696 > 1048576

Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: file.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF67A39D510 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,

0_2_00007FF67A39D510

Source: file.exe

Static PE information: section name: _RDATA

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3CCBB4 push rsp; retf	0_2_00007FF67A3CCBB5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3CCBB0 push rsp; retf	0_2_00007FF67A3CCBB1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3CCBAC push rsp; retf	0_2_00007FF67A3CCBAD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3CCBC4 push rsp; retf	0_2_00007FF67A3CCBC5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3CCBC0 push rsp; retf	0_2_00007FF67A3CCBC1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3CCBBC push rsp; retf	0_2_00007FF67A3CCBBD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3CCBB8 push rsp; retf	0_2_00007FF67A3CCBB9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3CCB00 push rsp; retf	0_2_00007FF67A3CCBA1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF67A3D77F0 _invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,ExitProcess,ExitProcess,OpenMutexA,ExitProcess,CreateMutexExA,ExitProcess,ReleaseMutex,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,

0_2_00007FF67A3D77F0

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A41C088 FindClose,FindFirstFileExW,GetLastError,		0_2_00007FF67A41C088
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A41C138 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,		0_2_00007FF67A41C138

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF67A3EAB00 GetLogicalDriveStringsW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,

0_2_00007FF67A3EAB00

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF67A400220 VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,

0_2_00007FF67A400220

Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\migration\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\replacementmanifests\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\migration\wtr\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\replacementmanifests\hwvid-migration-2\	Jump to behavior

Source: file.exe, 00000000.00000002.1960242626.000002653CD8A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWp
Source: file.exe, 00000000.00000003.1808862334.000002653CDF8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1960242626.000002653CDDC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000003.1808862334.000002653CDF8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1960242626.000002653CDDC000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW&

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF67A3EDD50 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,_invalid_parameter_noinfo_noreturn,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,

0_2_00007FF67A3EDD50

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF67A3F8A38 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FF67A3F8A38

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF67A41E2B0 GetLastError,IsDebuggerPresent,OutputDebugStringW,

0_2_00007FF67A41E2B0

Source: C:\Users\user\Desktop\file.exe

0_2_00007FF67A39D510

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3F8A38 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_00007FF67A3F8A38
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A415870 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_00007FF67A415870

Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,	0_2_00007FF67A40FBB4
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,	0_2_00007FF67A404B68
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoEx,FormatMessageA,	0_2_00007FF67A41BC84
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,	0_2_00007FF67A40FAE4
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_00007FF67A40FFF0
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,	0_2_00007FF67A4050AC
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_00007FF67A4101CC
Source: C:\Users\user\Desktop\file.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	0_2_00007FF67A40F798

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation TimeZoneKeyName

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF67A416328 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF67A416328

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF67A3E9A60 GetUserNameW,

0_2_00007FF67A3E9A60

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF67A409D08 _get_daylight,_get_daylight,_get_daylight,_get_daylight,_get_daylight,GetTimeZoneInformation,

0_2_00007FF67A409D08

Stealing of Sensitive Information

Yara detected CredGrabber

Source: Yara match

File source: Process Memory Space: file.exe PID: 6776, type: MEMORYSTR

Yara detected Meduza Stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 6776, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe, 00000000.00000002.1960242626.000002653CD8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Electrum\wallets
Source: file.exe, 00000000.00000002.1960242626.000002653CD8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ElectronCash\wallets
Source: file.exe, 00000000.00000003.1830214172.000002653CE43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Ny1aaXAgMjMuMDEgKHg2NCkgWzIzLjAxXQpNb3ppbGxhIEZpcmVmb3ggKHg2NCBlbi1VUykgWzExOC4wLjFdCk1vemlsbGEgTWFpbnRlbmFuY2UgU2VydmljZSBbMTE4LjAuMV0KTWljcm9zb2Z0IE9mZmljZSBQcm9mZXNzaW9uYWwgUGx1cyAyMDE5IC0gZW4tdXMgWzE2LjAuMTY4MjcuMjAxMzBdCk1pY3Jvc29mdCBWaXN1YWwgQysrIDIwMjIgWDY0IEFkZGl0aW9uYWwgUnVudGltZSAtIDE0LjM2LjMyNTMyIFsxNC4zNi4zMjUzMl0KT2ZmaWNlIDE2IENsaWNrLXRvLVJ1biBMaWNlbnNpbmcgQ29tcG9uZW50IFsxNi4wLjE2ODI3LjIwMTMwXQpPZmZpY2UgMTYgQ2xpY2stdG8tUnVuIEV4dGVuc2liaWxpdHkgQ29tcG9uZW50IDY0LWJpdCBSZWdpc3RyYXRpb24gWzE2LjAuMTY4MjcuMjAwNTZdCkFkb2JlIEFjcm9iYXQgKDY0LWJpdCkgWzIzLjAwNi4yMDMyMF0KTWljcm9zb2Z0IFZpc3VhbCBDKysgMjAyMiBYNjQgTWluaW11bSBSdW50aW1lIC0gMTQuMzYuMzI1MzIgWzE0LjM2LjMyNTMyXQpHb29nbGUgQ2hyb21lIFsxMTcuMC41OTM4LjEzMl0KTWljcm9zb2Z0IEVkZ2UgWzExNy4wLjIwNDUuNDddCk1pY3Jvc29mdCBFZGdlIFVwZGF0ZSBbMS4zLjE3Ny4xMV0KTWljcm9zb2Z0IEVkZ2UgV2ViVmlldzIgUnVudGltZSBbMTE3LjAuMjA0NS40N10KSmF2YSBBdXRvIFVwZGF0ZXIgWzIuOC4zODEuOV0KSmF2YSA4IFVwZGF0ZSAzODEgWzguMC4zODEwLjldCk1pY3Jvc29mdCBWaXN1YWwgQysrIDIwMTUtMjAyMiBSZWRpc3RyaWJ1dGFibGUgKHg2NCkgLSAxNC4zNi4zMjUzMiBbMTQuMzYuMzI1MzIuMF0KT2ZmaWNlIDE2IENsaWNrLXRvLVJ1biBFeHRlbnNpYmlsaXR5IENvbXBvbmVudCBbMTYuMC4xNjgyNy4yMDEzMF0K
Source: file.exe, 00000000.00000003.1825279613.000002653CE43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.walleta\
Source: file.exe, 00000000.00000003.1825279613.000002653CE43000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Exodus\exodus.walleta\
Source: file.exe, 00000000.00000002.1960242626.000002653CD8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Ethereum\keystore
Source: file.exe, 00000000.00000002.1960242626.000002653CD8A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Ethereum\keystore

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Remote Access Functionality

Yara detected CredGrabber

Source: Yara match

File source: Process Memory Space: file.exe PID: 6776, type: MEMORYSTR

Yara detected Meduza Stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 6776, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	1 OS Credential Dumping	12 System Time Discovery	Remote Services	1 Screen Capture	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	2 Obfuscated Files or Information	LSASS Memory	21 Security Software Discovery	Remote Desktop Protocol	1 Email Collection	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 DLL Side-Loading	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	1 Archive Collected Data	2 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	1 Account Discovery	Distributed Component Object Model	2 Data from Local System	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	1 System Owner/User Discovery	SSH	Keylogging	3 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	1 System Network Configuration Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	3 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	24 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://api.ipify.org/	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	0%	URL Reputation	safe
https://api.ipify.org	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
api.ipify.org	172.67.74.152	true	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://api.ipify.org/	false	URL Reputation: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	file.exe, 00000000.00000003.1816063856.000002653FA63000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.ipify.org	file.exe, 00000000.00000002.1960242626.000002653CD8A000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	file.exe, 00000000.00000003.1822746717.000002653FA17000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000003.1822746717.000002653FA17000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	file.exe, 00000000.00000003.1822746717.000002653FA17000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://api.ipify.org3S4	file.exe, 00000000.00000002.1960242626.000002653CD8A000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://api.ipify.orgCSD	file.exe, 00000000.00000002.1960242626.000002653CD8A000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install	file.exe, 00000000.00000003.1811041441.000002653F9DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1811211841.000002653F978000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1811407388.000002653CE0E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	file.exe, 00000000.00000003.1822746717.000002653FA17000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	file.exe, 00000000.00000003.1822746717.000002653FA17000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000003.1811211841.000002653F9B3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.mozilla.org	file.exe, 00000000.00000003.1819856920.0000026540151000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1816063856.000002653FA5B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1817503166.000002653ECC8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1817503166.000002653ECC0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1816063856.000002653FAC6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1817293847.000002653FACE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1816063856.000002653FA53000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	file.exe, 00000000.00000003.1812096057.000002653F95B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812116653.000002653FA03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1811041441.000002653FA03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1811602481.000002653FA03000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples	file.exe, 00000000.00000003.1811041441.000002653F9DE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1811211841.000002653F978000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1811407388.000002653CE0E000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	file.exe, 00000000.00000003.1812096057.000002653F95B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1812116653.000002653FA03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1811041441.000002653FA03000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1811602481.000002653FA03000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.ipify.org/i	file.exe, 00000000.00000002.1960242626.000002653CD8A000.00000004.00000020.00020000.00000000.sdmp	false		unknown
http://ns.microsoft.t/Regi	file.exe, 00000000.00000003.1959673962.000002653F684000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1807857552.000002653F671000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1959468011.000002653F680000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1959429528.000002653F680000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	file.exe, 00000000.00000003.1816063856.000002653FA63000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	file.exe, 00000000.00000003.1822746717.000002653FA17000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
176.124.204.206	unknown	Russian Federation		59652	GULFSTREAMUA	true
172.67.74.152	api.ipify.org	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1520644
Start date and time:	2024-09-27 17:50:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 14s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal88.troj.spyw.winEXE@1/0@1/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 93% Number of executed functions: 86 Number of non-executed functions: 110
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
176.124.204.206	mSLEwIfTGL.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
172.67.74.152	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	api.ipify.org/
	file.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	api.ipify.org/
	file.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
api.ipify.org	SecuriteInfo.com.Trojan.PackedNET.3065.20099.26130.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	file.exe	Get hash	malicious	Unknown	Browse	104.26.13.205
	file.exe	Get hash	malicious	Unknown	Browse	104.26.12.205
	rQuotation3200025006.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	mSLEwIfTGL.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	RTGS-WB-ABS-240730-NEW.lnk	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	Purchase order.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	https://mzansibonds.com/dshk/tmpasdfghjklkjhgfdewertyuioiuytresdxcvbnmnbvfcdsew345678987654rewsdfvgbhnjhbgvfdesw23e45678uijdhgfcsvzbdncqasdcxw.php	Get hash	malicious	HTMLPhisher	Browse	104.26.13.205
	http://correctingservicesalakks.pages.dev/	Get hash	malicious	Unknown	Browse	104.26.12.205
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	104.26.12.205

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
GULFSTREAMUA	mSLEwIfTGL.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	176.124.204.206
	https://darlin.com.au/	Get hash	malicious	Unknown	Browse	176.124.222.157
	LisectAVT_2403002A_415.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	176.124.220.79
	qObijSd3Uj.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	176.124.220.79
	zqixOh6Ktr.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	176.124.192.196
	FaOty5cPp0.elf	Get hash	malicious	Unknown	Browse	176.124.192.196
	Xzia5WAjUb.elf	Get hash	malicious	Unknown	Browse	176.124.192.196
	a7GTGrV0u5.elf	Get hash	malicious	Unknown	Browse	176.124.192.196
	Jy730hXzc6.elf	Get hash	malicious	Unknown	Browse	176.124.192.196
	uWnjyWVnz5.elf	Get hash	malicious	Unknown	Browse	176.124.192.196
CLOUDFLARENETUS	file.exe	Get hash	malicious	Amadey, BitCoin Miner, SilentXMRMiner	Browse	172.67.187.100
	SecuriteInfo.com.Trojan.PackedNET.3065.20099.26130.exe	Get hash	malicious	AgentTesla	Browse	172.67.74.152
	Quote #270924.exe	Get hash	malicious	FormBook	Browse	172.67.165.25
	https://effective-teammates-567500.framer.app/	Get hash	malicious	HTMLPhisher	Browse	172.65.208.22
	ATT71817.docx	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	FoS5cjKhd3.exe	Get hash	malicious	LummaC	Browse	104.21.4.136
	file.exe	Get hash	malicious	LummaC, Amadey, CryptOne, LummaC Stealer, PureLog Stealer, RedLine, Stealc	Browse	172.67.162.108
	https://www.google.fr/url?q=38pQvvq6xRyj7Y00xDjnlx9kIHOSozurMOiaAkImPuQJnOIWtJjqJLi6stjtDz3yh&rct=tTPSrMOiaAkImPuQJnOIWtJjqJLi6stjtFX08pQvvq6xRyj7Y00xDjnlx9kIjusucT&sa=t&url=amp%2Fcasaderestauraciononline.com%2Fholy%2Findexsyn1.html%23cmltYS5hbWV1ckBjYXRhbGluYW1hcmtldGluZy5mcg==	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	0225139776.docx.doc	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	188.114.96.3
	https://changeofscene.ladesk.com/605425-Secure-Business-Documen	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	file.exe	Get hash	malicious	LummaC, Amadey, CryptOne, LummaC Stealer, PureLog Stealer, RedLine, Stealc	Browse	172.67.74.152
	mSLEwIfTGL.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	172.67.74.152
	#docs_8299010377388200191-pdf.js	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	172.67.74.152
	175-33-26-24.HTA.hta	Get hash	malicious	Unknown	Browse	172.67.74.152
	zlsXub68El.exe	Get hash	malicious	Vidar	Browse	172.67.74.152
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	172.67.74.152
	SecuriteInfo.com.Adware.DownwareNET.4.15389.24193.exe	Get hash	malicious	Unknown	Browse	172.67.74.152
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	172.67.74.152
	SecuriteInfo.com.Adware.DownwareNET.4.15389.24193.exe	Get hash	malicious	Unknown	Browse	172.67.74.152
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	172.67.74.152

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	6.389101546656176
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'117'696 bytes
MD5:	0013399a6a9ab2e3fb25451ed658daa1
SHA1:	77731500657e6658c6d1b4d09de3fae4f756efef
SHA256:	0646980e8e68974948861e60bd4497d17464da101ec697241ba8ea96d86d22c6
SHA512:	3e5a3df2aa90b429fd0a37cc9a02140e3d2324d1291fbd32452260c9374afbaf7243dd59d4a2e1964bfb9ce7474eee89d349648ca80da35c24f52ec9664e18b4
SSDEEP:	24576:7BZ3miL8zJa5e9AISUzOL9A5q9IbwQmzXrbv4nlxlGfGeIVuj:j3miL8Me9AISUzCDewQ0X4g+eIVu
TLSH:	62354A15195D02EDD5BE817C8E5A9A13F63638460371A7EB16D187523FA3BE0AF3E320
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:%~.~D.R~D.R~D.R.6.S.D.R.6.S.D.R.:.S!D.R.:.SoD.R.:.SvD.R.6.S.D.R.6.SrD.R.6.ShD.R~D.RgE.R.6.ScD.Rj;.SqD.Rj;.R.D.Rj;.S.D.RRich~D.

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0x1400b5d64
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F5640C [Thu Sep 26 13:39:24 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2c34752585cf27cdff9273031768b19e

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007FB1DCF2F3D0h
dec eax
add esp, 28h
jmp 00007FB1DCF2EC8Fh
int3
int3
and dword ptr [000551E1h], 00000000h
ret
dec eax
mov dword ptr [esp+08h], ebx
push ebp
dec eax
lea ebp, dword ptr [esp-000004C0h]
dec eax
sub esp, 000005C0h
mov ebx, ecx
mov ecx, 00000017h
call dword ptr [0002250Eh]
test eax, eax
je 00007FB1DCF2EE16h
mov ecx, ebx
int 29h
mov ecx, 00000003h
call 00007FB1DCF2EDD9h
xor edx, edx
dec eax
lea ecx, dword ptr [ebp-10h]
inc ecx
mov eax, 000004D0h
call 00007FB1DCF30C40h
dec eax
lea ecx, dword ptr [ebp-10h]
call dword ptr [000224B1h]
dec eax
mov ebx, dword ptr [ebp+000000E8h]
dec eax
lea edx, dword ptr [ebp+000004D8h]
dec eax
mov ecx, ebx
inc ebp
xor eax, eax
call dword ptr [0002249Fh]
dec eax
test eax, eax
je 00007FB1DCF2EE4Eh
dec eax
and dword ptr [esp+38h], 00000000h
dec eax
lea ecx, dword ptr [ebp+000004E0h]
dec eax
mov edx, dword ptr [ebp+000004D8h]
dec esp
mov ecx, eax
dec eax
mov dword ptr [esp+30h], ecx
dec esp
mov eax, ebx
dec eax
lea ecx, dword ptr [ebp+000004E8h]
dec eax
mov dword ptr [esp+28h], ecx
dec eax
lea ecx, dword ptr [ebp-10h]
dec eax
mov dword ptr [esp+20h], ecx
xor ecx, ecx
call dword ptr [00022466h]
dec eax

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x101f28	0x12c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x115000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x10d000	0x6f90	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x116000	0xd64	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xeb6d0	0x38	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xeb780	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xeb590	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xd8000	0x728	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xd6ecc	0xd7000	2d955d3d3e0b4c30272ea1b69619e270	False	0.4291537972383721	zlib compressed data	6.324781390854175	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0xd8000	0x2b6c8	0x2b800	441c1b3417c4a42c02c517e8c6d2e131	False	0.47393027119252873	data	5.694595476059849	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x104000	0x85a4	0x6000	5fbcdd9847679f1c63be9c85e41b833e	False	0.08390299479166667	data	4.559223452785583	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x10d000	0x6f90	0x7000	9f28ea92727e464a67682730ecd8aeb3	False	0.48489815848214285	data	6.043376095189614	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA	0x114000	0x15c	0x200	b52e28908fd472740186bf885f303a5f	False	0.40625	data	3.345113144897087	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x115000	0x1e0	0x200	da9e8769aa702da1ca0713d6a0336d18	False	0.529296875	data	4.7122981932940915	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x116000	0xd64	0xe00	36456480ce7be1ea5f3ce9804abc508f	False	0.48046875	data	5.354911204937075	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x115060	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
WS2_32.dll	inet_pton, WSAStartup, send, socket, connect, recv, closesocket, htons, WSACleanup
CRYPT32.dll	CryptUnprotectData
WININET.dll	HttpQueryInfoW, InternetQueryDataAvailable, InternetReadFile, InternetCloseHandle, InternetOpenW, InternetOpenA, InternetOpenUrlA
ntdll.dll	NtQuerySystemInformation, RtlInitUnicodeString, NtAllocateVirtualMemory, LdrEnumerateLoadedModules, RtlAcquirePebLock, RtlReleasePebLock, NtQueryObject
RstrtMgr.DLL	RmGetList, RmStartSession, RmRegisterResources, RmEndSession
KERNEL32.dll	CompareStringEx, LCMapStringEx, FindFirstFileW, FindNextFileW, FindClose, OpenProcess, CreateToolhelp32Snapshot, Process32NextW, LoadLibraryA, Process32FirstW, CloseHandle, GetSystemInfo, GetProcAddress, LocalFree, FreeLibrary, ExitProcess, MultiByteToWideChar, WideCharToMultiByte, TerminateProcess, GetModuleFileNameW, CreateMutexA, ReleaseMutex, OpenMutexA, ReadFile, GetModuleFileNameA, GetVolumeInformationW, SetHandleInformation, GetGeoInfoA, HeapFree, EnterCriticalSection, GetCurrentProcess, GetStdHandle, GetProcessId, LeaveCriticalSection, CreatePipe, SetFilePointer, InitializeCriticalSectionEx, FreeEnvironmentStringsW, GetModuleHandleA, HeapSize, GetLogicalDriveStringsW, GetFinalPathNameByHandleA, GetTimeZoneInformation, GetLastError, lstrcatW, HeapReAlloc, HeapAlloc, GetUserGeoID, DecodePointer, GetFileSize, DeleteCriticalSection, GetComputerNameW, GetProcessHeap, GlobalMemoryStatusEx, GetModuleHandleW, lstrcpyW, SetLastError, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetSystemTimeAsFileTime, GetModuleHandleExW, GetCommandLineA, GetCommandLineW, VirtualAlloc, VirtualProtect, VirtualQuery, GetFileSizeEx, SetFilePointerEx, GetCurrentThreadId, GetFileType, GetStartupInfoW, FlushFileBuffers, WriteFile, GetConsoleOutputCP, GetConsoleMode, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, InitializeCriticalSectionAndSpinCount, LoadLibraryExW, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, ReadConsoleW, RaiseException, SetStdHandle, IsValidCodePage, GetACP, SetEndOfFile, GetCPInfo, GetStringTypeW, CreateFileW, WriteConsoleW, OutputDebugStringW, SetEnvironmentVariableW, SetEvent, ResetEvent, WaitForSingleObjectEx, CreateEventW, QueryPerformanceCounter, InitializeSListHead, RtlUnwindEx, RtlUnwind, RtlPcToFileHeader, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetNativeSystemInfo, GetFileInformationByHandleEx, GetEnvironmentStringsW, CreateProcessA, GetOEMCP, AreFileApisANSI, GetTempPathW, SetFileInformationByHandle, GetFileAttributesExW, GetFileAttributesW, FindFirstFileExW, GetCurrentDirectoryW, GetLocaleInfoEx, FormatMessageA
USER32.dll	EnumDisplayDevicesW, GetDesktopWindow, GetWindowRect, ReleaseDC, GetSystemMetrics, GetDC
GDI32.dll	CreateCompatibleBitmap, SelectObject, CreateCompatibleDC, BitBlt, DeleteDC, GetObjectW, DeleteObject, GetDeviceCaps
ADVAPI32.dll	GetCurrentHwProfileW, RegCloseKey, RegGetValueA, RegQueryValueExA, OpenProcessToken, RegOpenKeyExA, GetUserNameW, RegEnumKeyExA, GetTokenInformation, CredEnumerateA, CredFree
SHELL32.dll	SHGetKnownFolderPath, ShellExecuteW
ole32.dll	CoInitializeSecurity, CoGetObject, CoTaskMemFree, CoUninitialize, CoCreateInstance, CoSetProxyBlanket, CoInitializeEx
OLEAUT32.dll	SysAllocStringByteLen, SysFreeString, SysStringByteLen
SHLWAPI.dll
gdiplus.dll	GdipSaveImageToStream, GdipGetImageEncodersSize, GdipFree, GdiplusStartup, GdiplusShutdown, GdipGetImageEncoders, GdipCloneImage, GdipAlloc, GdipCreateBitmapFromHBITMAP, GdipDisposeImage, GdipCreateBitmapFromScan0

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-27T17:51:15.562012+0200	2049441	ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt	1	192.168.2.4	49730	176.124.204.206	15666	TCP
2024-09-27T17:51:15.562012+0200	2050806	ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2	1	192.168.2.4	49730	176.124.204.206	15666	TCP
2024-09-27T17:51:15.562012+0200	2050807	ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)	1	192.168.2.4	49730	176.124.204.206	15666	TCP
2024-09-27T17:51:15.571111+0200	2050806	ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2	1	192.168.2.4	49730	176.124.204.206	15666	TCP
2024-09-27T17:51:15.571111+0200	2050807	ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)	1	192.168.2.4	49730	176.124.204.206	15666	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 27, 2024 17:51:11.001513958 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:11.163161039 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:11.163274050 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:11.267786026 CEST	49731	443	192.168.2.4	172.67.74.152
Sep 27, 2024 17:51:11.267829895 CEST	443	49731	172.67.74.152	192.168.2.4
Sep 27, 2024 17:51:11.267919064 CEST	49731	443	192.168.2.4	172.67.74.152
Sep 27, 2024 17:51:11.306706905 CEST	49731	443	192.168.2.4	172.67.74.152
Sep 27, 2024 17:51:11.306724072 CEST	443	49731	172.67.74.152	192.168.2.4
Sep 27, 2024 17:51:11.883683920 CEST	443	49731	172.67.74.152	192.168.2.4
Sep 27, 2024 17:51:11.883824110 CEST	49731	443	192.168.2.4	172.67.74.152
Sep 27, 2024 17:51:11.959085941 CEST	49731	443	192.168.2.4	172.67.74.152
Sep 27, 2024 17:51:11.959112883 CEST	443	49731	172.67.74.152	192.168.2.4
Sep 27, 2024 17:51:11.959580898 CEST	443	49731	172.67.74.152	192.168.2.4
Sep 27, 2024 17:51:11.959745884 CEST	49731	443	192.168.2.4	172.67.74.152
Sep 27, 2024 17:51:11.961188078 CEST	49731	443	192.168.2.4	172.67.74.152
Sep 27, 2024 17:51:12.003412962 CEST	443	49731	172.67.74.152	192.168.2.4
Sep 27, 2024 17:51:12.083928108 CEST	443	49731	172.67.74.152	192.168.2.4
Sep 27, 2024 17:51:12.084080935 CEST	443	49731	172.67.74.152	192.168.2.4
Sep 27, 2024 17:51:12.084079027 CEST	49731	443	192.168.2.4	172.67.74.152
Sep 27, 2024 17:51:12.084157944 CEST	49731	443	192.168.2.4	172.67.74.152
Sep 27, 2024 17:51:12.084319115 CEST	49731	443	192.168.2.4	172.67.74.152
Sep 27, 2024 17:51:12.084338903 CEST	443	49731	172.67.74.152	192.168.2.4
Sep 27, 2024 17:51:15.562011957 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.570960045 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.570972919 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.570981979 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.570986032 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.570990086 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.571110964 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.571156025 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.571166992 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.571175098 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.571183920 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.571192980 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.571224928 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.571254015 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.571269035 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.583844900 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.583865881 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.583880901 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.583897114 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.583951950 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.584630966 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.584647894 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.584664106 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.584696054 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.584760904 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.585325003 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.585340977 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.585355997 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.585381985 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.585412979 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.591931105 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.591998100 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.592216969 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.592310905 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.592881918 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.592995882 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.594671965 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.594799995 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.596854925 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.596932888 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.596950054 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.597012997 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.597089052 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.597117901 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.597148895 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.597176075 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.597178936 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.597234011 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.597316980 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.597368956 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.597426891 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.597455978 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.597482920 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.597507954 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.597524881 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.597553015 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.597579002 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.597580910 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.597605944 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.597609043 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.597625017 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.597634077 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.597661018 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.597661972 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.597686052 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.597690105 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.597714901 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.597723007 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.597747087 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.597774982 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.597806931 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.597863913 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.598186970 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.598217010 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.598247051 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.598263025 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.598546028 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.598608971 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.598712921 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.598769903 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.599317074 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.599349976 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.599375963 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.599375963 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.599411011 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.599433899 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.599627018 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.599653959 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.599679947 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.599684954 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.599709034 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.599709988 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.599729061 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.599760056 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.599792004 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.599818945 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.599845886 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.599848032 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.599874973 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.599879026 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.599896908 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.599905968 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.599930048 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.599934101 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.599965096 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.599983931 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.600020885 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.600048065 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.600080013 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.600091934 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.600337029 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.600384951 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.600399971 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.600411892 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.600438118 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.600440025 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.600464106 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.600493908 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.600500107 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.600523949 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.600548983 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.600550890 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.600579977 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.600580931 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.600596905 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.600609064 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.600634098 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.600668907 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.601694107 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.601744890 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.601752996 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.601773024 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.601804972 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.601810932 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.601833105 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.601833105 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.601844072 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.601861000 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.601885080 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.601914883 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.601926088 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.601974010 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.601982117 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.602035999 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.603249073 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.603276968 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.603302956 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.603332043 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.603403091 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.603451967 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.603481054 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.603507996 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.603534937 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.603538990 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.603565931 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.603591919 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.603893042 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.603921890 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.603949070 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.603955030 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.603971958 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.603979111 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.604001999 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.604007006 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.604036093 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.604059935 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.604063034 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.604114056 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.604772091 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.604800940 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.604826927 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.604854107 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.604866028 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.604887962 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.604902029 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.604908943 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.604929924 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.604945898 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.604958057 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.604985952 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.604986906 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.605012894 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.605012894 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.605026007 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.605041027 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.605065107 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.605067015 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.605094910 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.605094910 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.605120897 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.605133057 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.605143070 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.605170965 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.605196953 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.605202913 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.605226040 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.605222940 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.605240107 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.605253935 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.605278015 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.605279922 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.605308056 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.605308056 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.605329990 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.605355978 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.605357885 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.605386972 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.605412960 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.605417013 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.605438948 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.605441093 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.605452061 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.605485916 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.605513096 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.605518103 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.605536938 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.605545998 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.605561018 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.605602026 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.605679989 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.605706930 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.605732918 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.605734110 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.605760098 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.605761051 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.605786085 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.605811119 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.605813980 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.605839968 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.605866909 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.605869055 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.605895042 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.605899096 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.605921984 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.605940104 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.606031895 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.606087923 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.606115103 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.606142998 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.606172085 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.606174946 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.606199980 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.606200933 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.606221914 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.606228113 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.606252909 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.606281042 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.606432915 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.606462002 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.606487036 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.606488943 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.606514931 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.606518984 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.606529951 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.606547117 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.606571913 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.606574059 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.606601000 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.606604099 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.606627941 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.606650114 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.606654882 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.606677055 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.606704950 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.606718063 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.606731892 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.606758118 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.606759071 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.606789112 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.606791973 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.606816053 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.606842041 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.606843948 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.606868982 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.606870890 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.606888056 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.606897116 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.606918097 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.606951952 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.607629061 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.607656956 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.607682943 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.607688904 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.607702017 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.607711077 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.607738972 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.607742071 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.607762098 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.607765913 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.607796907 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.607810020 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.607897043 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.607923985 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.607950926 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.607955933 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.607984066 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.607984066 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.608011961 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.608011961 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.608040094 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.608041048 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.608066082 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.608068943 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.608097076 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.608103037 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.608125925 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.608130932 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.608159065 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.608160973 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.608186960 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.608190060 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.608201981 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.608215094 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.608242035 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.608244896 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.608269930 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.608275890 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.608288050 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.608298063 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.608319044 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.608329058 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.608345985 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.608378887 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.608500957 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.608556032 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.608767033 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.608817101 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.608839989 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.608849049 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.608856916 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.608865023 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.608896971 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.608915091 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.608922958 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.608973980 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.608974934 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.608985901 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.609021902 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.609040022 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.609092951 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.609102964 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.609110117 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.609113932 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.609122038 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.609169006 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.609333992 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.609386921 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.610054970 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.610105038 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.610110044 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.610120058 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.610130072 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.610138893 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.610146999 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.610155106 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.610169888 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.610203981 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.610349894 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.610358953 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.610367060 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.610374928 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.610383034 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.610416889 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.610439062 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.610845089 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.610853910 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.610862017 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.610910892 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.610913038 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.610920906 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.610929966 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.610939026 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.610946894 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.610955000 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.610963106 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.610964060 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.610972881 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.610980034 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.610981941 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.611022949 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.611038923 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.611454964 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.611514091 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.611668110 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.611677885 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.611685038 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.611692905 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.611704111 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.611711025 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.611736059 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.611761093 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.611774921 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.612111092 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.612121105 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.612128019 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.612137079 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.612181902 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.612281084 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.612289906 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.612298965 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.612343073 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.612373114 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.612381935 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.612390041 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.612399101 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.612435102 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.612447023 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.612505913 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.612514973 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.612523079 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.612530947 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.612540007 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.612550020 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.612557888 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.612565994 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.612572908 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.612575054 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.612588882 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.612621069 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.612634897 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.612747908 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.612756968 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.612766027 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.612775087 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.612783909 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.612791061 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.612798929 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.612808943 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.612837076 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.612849951 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.612955093 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613007069 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.613569021 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613579035 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613589048 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613596916 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613605976 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613612890 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613620996 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613629103 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613637924 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613637924 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.613646030 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613656044 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613663912 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613672018 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613677979 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.613679886 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613689899 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613699913 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613707066 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.613708019 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613722086 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613732100 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613734007 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.613749027 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613759041 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613759995 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.613768101 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613785028 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613792896 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613797903 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.613802910 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613812923 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.613820076 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613826036 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.613831043 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613841057 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613850117 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613853931 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.613859892 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613868952 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613871098 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.613878965 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613898993 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613908052 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613918066 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613919020 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.613925934 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613939047 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.613945961 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613950014 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.613955975 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613965034 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.613976955 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.614007950 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.614034891 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614044905 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614053011 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614062071 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614070892 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614097118 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.614110947 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.614135981 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.614178896 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614187956 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614196062 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614204884 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614213943 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614222050 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614231110 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614236116 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.614238977 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614250898 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614259005 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.614259958 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614269018 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614280939 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614289045 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614294052 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.614296913 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614305973 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614314079 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614320993 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.614322901 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614331961 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614339113 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.614342928 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614360094 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614368916 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614375114 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.614377022 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614394903 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.614427090 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.614581108 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614589930 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614598036 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614605904 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614614964 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614622116 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614629984 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614638090 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614646912 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614648104 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.614655972 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614665031 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.614665985 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614675045 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614686012 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614695072 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614695072 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.614710093 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614716053 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.614718914 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614728928 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614737034 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614744902 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.614768028 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.614785910 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.614830971 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614840031 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614949942 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.614963055 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614972115 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614979982 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614988089 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.614996910 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615005016 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615012884 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615020990 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615024090 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.615030050 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615039110 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615045071 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.615046978 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615056038 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615067005 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615075111 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615082979 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615087032 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.615092993 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615103960 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.615104914 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615114927 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615123034 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615128994 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.615130901 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615140915 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615147114 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.615149975 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615159035 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615175962 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615178108 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.615185022 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615195990 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615204096 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615205050 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.615212917 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615222931 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615226984 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.615232944 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615247011 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.615250111 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615259886 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615267992 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615272045 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.615278006 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615287066 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615294933 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615299940 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.615304947 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615314960 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615314960 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.615328074 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615336895 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615345955 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615353107 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.615356922 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615367889 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615370989 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.615376949 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615418911 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615422010 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.615428925 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615437984 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615446091 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615454912 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615463972 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615473032 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615480900 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.615483046 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615492105 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.615495920 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.615505934 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.615546942 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.657979012 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.660192966 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.660629988 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.660702944 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.660767078 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.660842896 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.660907030 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.660969973 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.661019087 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.661077976 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.661129951 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.661206007 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.661254883 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.688292980 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.688391924 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.721888065 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.722120047 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.722208023 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.722264051 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.722327948 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.722392082 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.722455978 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.722507000 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.760761023 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.760875940 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.771131039 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.771511078 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.771599054 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.771647930 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.771701097 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.771759987 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.771811962 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.771863937 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.771925926 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.771977901 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.772030115 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.772082090 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.772145033 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.772171974 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.777594090 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.780078888 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.820749044 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.821911097 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.821995974 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.822031021 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.879190922 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.879277945 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.889034986 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.889297962 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.889386892 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.889442921 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.901577950 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.901787043 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.901865959 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.901907921 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.924156904 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.924247026 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.924297094 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.924308062 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.924559116 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.924623966 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.924704075 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.924762011 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.924818039 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.924870968 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.924918890 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.924968958 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.924982071 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.931338072 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.931535006 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.972847939 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.972968102 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.999583960 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.999614000 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:15.999907970 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:15.999984980 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.000041962 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.000097036 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.000147104 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.000221014 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.000271082 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.000338078 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.000360966 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.006663084 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.010309935 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.010377884 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.010436058 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.010499954 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.010548115 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.010612011 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.010627985 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.050806046 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.050986052 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.059434891 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.059653997 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.060010910 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.060082912 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.060133934 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.060189009 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.060239077 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.060296059 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.060344934 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.060416937 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.060468912 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.060528994 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.060583115 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.060647011 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.060694933 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.064548016 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.064630985 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.064960957 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.064992905 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065020084 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065043926 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065135956 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065165043 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065193892 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065196991 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065220118 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065221071 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065231085 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065252066 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065273046 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065279007 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065304041 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065305948 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065327883 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065335035 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065341949 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065361977 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065385103 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065388918 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065409899 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065417051 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065443039 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065443993 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065465927 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065478086 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065500975 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065505028 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065530062 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065532923 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065558910 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065562010 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065583944 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065587997 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065608025 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065615892 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065643072 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065644026 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065665007 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065692902 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065699100 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065726995 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065752983 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065754890 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065781116 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065784931 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065797091 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065809011 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065831900 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065835953 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065861940 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065865040 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065876961 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065891981 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065913916 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065920115 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065943003 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065949917 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.065974951 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.065979004 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066004992 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066005945 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066030979 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066034079 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066062927 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066066027 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066090107 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066107035 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066118002 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066143990 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066145897 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066164970 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066171885 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066195011 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066199064 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066226959 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066231012 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066245079 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066253901 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066274881 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066282034 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066308975 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066312075 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066333055 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066337109 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066360950 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066385031 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066448927 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066487074 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066513062 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066513062 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066534996 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066541910 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066565037 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066569090 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066591024 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066596031 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066615105 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066622019 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066648006 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066652060 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066663027 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066675901 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066700935 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066704035 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066730976 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066731930 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066756964 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066759109 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066768885 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066786051 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066813946 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066814899 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066842079 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066845894 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066857100 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066869974 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066895008 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066900015 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066922903 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066926956 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066953897 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.066956043 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066986084 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.066992998 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067008018 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067013025 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067039013 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067040920 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067061901 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067068100 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067089081 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067095995 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067122936 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067132950 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067145109 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067152977 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067173004 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067193985 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067198038 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067222118 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067249060 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067250013 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067274094 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067276955 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067306042 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067306042 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067334890 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067337036 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067348003 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067362070 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067404985 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067416906 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067454100 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067454100 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067487001 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067508936 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067514896 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067538977 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067543030 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067558050 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067570925 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067594051 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067600012 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067620039 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067627907 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067645073 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067655087 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067679882 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067681074 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067709923 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067709923 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067724943 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067738056 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067764044 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067764997 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067791939 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067791939 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067812920 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067821026 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067847967 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067856073 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067872047 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067876101 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067900896 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067908049 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067925930 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067960978 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.067962885 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.067991972 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.068018913 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.068021059 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.068047047 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.068048000 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.068058968 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.068075895 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.068101883 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.068103075 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.068124056 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.068130970 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.068156004 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.068159103 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.068186045 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.068186998 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.068213940 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.068214893 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.068231106 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.068243980 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.068253994 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.068270922 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.068298101 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.068298101 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.068320990 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.068325996 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.068351984 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.068351984 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.068377018 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.068380117 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.068397045 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.068408966 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.068428993 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.068435907 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.068460941 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.068464041 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.068490982 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.068491936 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.068509102 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.068511963 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.068521023 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.068546057 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.068557024 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.068567038 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.112943888 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.113163948 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.113895893 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.113965988 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.114023924 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.114073038 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.114121914 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.114167929 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.114211082 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.114269972 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.114325047 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.114382982 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.114428043 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.114481926 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.114527941 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.114574909 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.114624023 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.114677906 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.114698887 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.147425890 CEST	15666	49730	176.124.204.206	192.168.2.4
Sep 27, 2024 17:51:16.150501013 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.150574923 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.150619984 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.150666952 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.150722980 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.150778055 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.150834084 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.150895119 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.150955915 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.151005983 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.151061058 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.151127100 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.151175976 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.151226997 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.151276112 CEST	49730	15666	192.168.2.4	176.124.204.206
Sep 27, 2024 17:51:16.151325941 CEST	49730	15666	192.168.2.4	176.124.204.206

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 27, 2024 17:51:11.252341986 CEST	192.168.2.4	1.1.1.1	0xaf16	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Sep 27, 2024 17:51:11.260715008 CEST	1.1.1.1	192.168.2.4	0xaf16	No error (0)	api.ipify.org	172.67.74.152	A (IP address)	IN (0x0001)	false
Sep 27, 2024 17:51:11.260715008 CEST	1.1.1.1	192.168.2.4	0xaf16	No error (0)	api.ipify.org	104.26.12.205	A (IP address)	IN (0x0001)	false
Sep 27, 2024 17:51:11.260715008 CEST	1.1.1.1	192.168.2.4	0xaf16	No error (0)	api.ipify.org	104.26.13.205	A (IP address)	IN (0x0001)	false

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49731	172.67.74.152	443	6776	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-27 15:51:11 UTC	100	OUT	GET / HTTP/1.1 Accept: text/html; text/plain; / Host: api.ipify.org Cache-Control: no-cache
2024-09-27 15:51:12 UTC	211	IN	HTTP/1.1 200 OK Date: Fri, 27 Sep 2024 15:51:12 GMT Content-Type: text/plain Content-Length: 11 Connection: close Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8c9ca75c1e3ac413-EWR
2024-09-27 15:51:12 UTC	11	IN	Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Target ID:	0
Start time:	11:51:10
Start date:	27/09/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x7ff67a360000
File size:	1'117'696 bytes
MD5 hash:	0013399A6A9AB2E3FB25451ED658DAA1
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	6.9%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	32.9%
Total number of Nodes:	1834
Total number of Limit Nodes:	79

Executed Functions

Function 00007FF67A3BE4E0 Relevance: 84.2, APIs: 36, Strings: 11, Instructions: 1962COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32 ref: 00007FF67A3BE56F

Strings

" --type , xrefs: 00007FF67A3BFFC1
ios_base::badbit set, xrefs: 00007FF67A3C0B51
6, xrefs: 00007FF67A3BF68D
APPB:, xrefs: 00007FF67A3C03E2
File.exe, xrefs: 00007FF67A3BFA9B
--key ", xrefs: 00007FF67A3C002E
cmd /c "", xrefs: 00007FF67A3BFF69
, xrefs: 00007FF67A3BE5BE
ios_base::failbit set, xrefs: 00007FF67A3C0B5D
ios_base::eofbit set, xrefs: 00007FF67A3C0B64
status, xrefs: 00007FF67A3C0B27

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: FileModuleName
String ID: $ --key "$" --type $APPB:$File.exe$cmd /c ""$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$status$6
API String ID: 514040917-1525073170
Opcode ID: b6f5afb4a6fe61e2ed6851905531e8daabbbe0178d6d0cdbf5cf16677d4d5fa3
Instruction ID: 1664a82e766e5468305ad322683a40c51f84db4ec7359b9a0ae1b77f03edabe4
Opcode Fuzzy Hash: b6f5afb4a6fe61e2ed6851905531e8daabbbe0178d6d0cdbf5cf16677d4d5fa3
Instruction Fuzzy Hash: 5823B673A25BC589EB608F29D8403ED7361FB85768F505325EA9D87BA9EF78D240C700

Function 00007FF67A3E9310 Relevance: 59.9, APIs: 33, Strings: 1, Instructions: 374
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemMetrics.USER32 ref: 00007FF67A3E935C
GetSystemMetrics.USER32 ref: 00007FF67A3E936A
GetSystemMetrics.USER32 ref: 00007FF67A3E9378
GetSystemMetrics.USER32 ref: 00007FF67A3E9386
GetDC.USER32 ref: 00007FF67A3E9390
GetDeviceCaps.GDI32 ref: 00007FF67A3E93A6
GetDeviceCaps.GDI32 ref: 00007FF67A3E93B6
CreateCompatibleDC.GDI32 ref: 00007FF67A3E93C3
CreateCompatibleBitmap.GDI32 ref: 00007FF67A3E93DB
SelectObject.GDI32 ref: 00007FF67A3E93F1
BitBlt.GDI32 ref: 00007FF67A3E9427
SHCreateMemStream.SHLWAPI ref: 00007FF67A3E944D
SelectObject.GDI32 ref: 00007FF67A3E9467
DeleteDC.GDI32 ref: 00007FF67A3E9470
ReleaseDC.USER32 ref: 00007FF67A3E947B
DeleteObject.GDI32 ref: 00007FF67A3E9484
EnterCriticalSection.KERNEL32 ref: 00007FF67A3E957B
LeaveCriticalSection.KERNEL32 ref: 00007FF67A3E9588
GetObjectW.GDI32 ref: 00007FF67A3E95A4
IStream_Size.SHLWAPI ref: 00007FF67A3E964F
IStream_Reset.SHLWAPI ref: 00007FF67A3E965F
IStream_Read.SHLWAPI ref: 00007FF67A3E96C0
SelectObject.GDI32 ref: 00007FF67A3E970F
DeleteDC.GDI32 ref: 00007FF67A3E9718
ReleaseDC.USER32 ref: 00007FF67A3E9725
DeleteObject.GDI32 ref: 00007FF67A3E972E
DeleteObject.GDI32 ref: 00007FF67A3E9838
EnterCriticalSection.KERNEL32 ref: 00007FF67A3E984A
EnterCriticalSection.KERNEL32 ref: 00007FF67A3E985A
GdiplusShutdown.GDIPLUS ref: 00007FF67A3E9868
LeaveCriticalSection.KERNEL32 ref: 00007FF67A3E9875
LeaveCriticalSection.KERNEL32 ref: 00007FF67A3E987F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E98C3

Strings

, xrefs: 00007FF67A3E93FC

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Object$CriticalSection$Delete$MetricsSystem$CreateEnterLeaveSelectStream_$CapsCompatibleDeviceRelease$BitmapGdiplusReadResetShutdownSizeStream_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1635401455-3916222277
Opcode ID: 9b3a16a6f4fd2a042ba7d4b4e75a123d7b9354d285038708d050d696656628ef
Instruction ID: 0a1d0744d0b37a9796fde9c868dc3fe8b85e80dc40cc2c4b2445dc8ea2f4706f
Opcode Fuzzy Hash: 9b3a16a6f4fd2a042ba7d4b4e75a123d7b9354d285038708d050d696656628ef
Instruction Fuzzy Hash: 1D029033A28B818AE710CF76D8442AD73A1FB497A8F504275EA5D97BA8DF3DD484C740

Function 00007FF67A3BBAF0 Relevance: 54.6, APIs: 22, Strings: 8, Instructions: 2081COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF67A38EEB0: __std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF67A38EF2E
Part of subcall function 00007FF67A38EEB0: __std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF67A38EF6A

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3BE288
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3BE28E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3BE294
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3BE29A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3BE2EA
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3BE30D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3BE313
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3BE329
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3BE32F
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3BE335
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3BE38C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3BE392
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3BE3E7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3BE3ED
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3BE3F3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3BE409
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3BE40F
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3BE415
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3BE46C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3BE472
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3BE4C7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3BE4CD

Part of subcall function 00007FF67A3A0AC0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3A0B94

Part of subcall function 00007FF67A3A1A80: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3A1B80
Part of subcall function 00007FF67A3A1A80: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3A1B8C

Strings

cannot use push_back() with , xrefs: 00007FF67A3BE34D, 00007FF67A3BE42D
content, xrefs: 00007FF67A3BC5E4, 00007FF67A3BD0CE, 00007FF67A3BDCC8
recursive_directory_iterator::operator++, xrefs: 00007FF67A3BE3A6, 00007FF67A3BE486
directory_iterator::directory_iterator, xrefs: 00007FF67A3BE2C7
filename, xrefs: 00007FF67A3BC4ED, 00007FF67A3BCFD8, 00007FF67A3BDBD2
exists, xrefs: 00007FF67A3BE2B0, 00007FF67A3BE300, 00007FF67A3BE3DA, 00007FF67A3BE4BA
recursive_directory_iterator::recursive_directory_iterator, xrefs: 00007FF67A3BE3BD, 00007FF67A3BE49D
status, xrefs: 00007FF67A3BE2D7, 00007FF67A3BE31C, 00007FF67A3BE3FC

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task$__std_fs_convert_wide_to_narrow
String ID: cannot use push_back() with $content$directory_iterator::directory_iterator$exists$filename$recursive_directory_iterator::operator++$recursive_directory_iterator::recursive_directory_iterator$status
API String ID: 972399972-4250644884
Opcode ID: 08c317fa21121830441233f15a5516dbd982e1a91429a72fc7e1740c9ac399a7
Instruction ID: f41a617303a3eb818f3cfa8a8ccb921cf528fa6d52fa08f8a8cccd5d1cd8564a
Opcode Fuzzy Hash: 08c317fa21121830441233f15a5516dbd982e1a91429a72fc7e1740c9ac399a7
Instruction Fuzzy Hash: 43235D63A29BC681EA309F15E4803EAB361FBC57A4F504276D69D87BA9DF3CD544CB00

Function 00007FF67A3EBA60 Relevance: 50.4, APIs: 19, Strings: 9, Instructions: 1387
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF67A3E9EF0: EnumDisplayDevicesW.USER32 ref: 00007FF67A3E9F49

Part of subcall function 00007FF67A3E9E20: RegGetValueA.KERNEL32 ref: 00007FF67A3E9E87

Part of subcall function 00007FF67A3E9A60: GetUserNameW.ADVAPI32 ref: 00007FF67A3E9AA5

Part of subcall function 00007FF67A3E9B00: GetComputerNameW.KERNEL32 ref: 00007FF67A3E9B45

Part of subcall function 00007FF67A3A0AC0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3A0B94

GlobalMemoryStatusEx.KERNEL32 ref: 00007FF67A3EBF16
wcsftime.LIBCMT ref: 00007FF67A3EC78F
GetModuleFileNameA.KERNEL32 ref: 00007FF67A3EC951
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3ED3B3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3ED3B9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3ED3BF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3ED3C5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3ED3CB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3ED3D1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3ED3D7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3ED3DD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3ED3E3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3ED3E9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3ED3EF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3ED3F5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3ED3FB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3ED401
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3ED407

Strings

user_name, xrefs: 00007FF67A3EBBB0
ram, xrefs: 00007FF67A3EC003
timezone, xrefs: 00007FF67A3ECCA0
system, xrefs: 00007FF67A3EBB5C, 00007FF67A3EBC6C, 00007FF67A3EBD82, 00007FF67A3EBE74, 00007FF67A3EBFAF, 00007FF67A3EC0B1, 00007FF67A3EC1B4, 00007FF67A3EC356, 00007FF67A3EC572, 00007FF67A3EC823, 00007FF67A3ECA00, 00007FF67A3ECC4C, 00007FF67A3ECE05, 00007FF67A3ECFC3, 00007FF67A3ED082
gpu, xrefs: 00007FF67A3EBCC0
computer_name, xrefs: 00007FF67A3EC107
cpu, xrefs: 00007FF67A3EBDD6
time, xrefs: 00007FF67A3EC877
%d-%m-%Y, %H:%M:%S, xrefs: 00007FF67A3EC77C

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Name$ComputerDevicesDisplayEnumFileGlobalMemoryModuleStatusUserValuewcsftime
String ID: %d-%m-%Y, %H:%M:%S$computer_name$cpu$gpu$ram$system$time$timezone$user_name
API String ID: 3508509583-1182675529
Opcode ID: b8437008c695b881d6fc036d8695a89248c13af2ed9e5faac352d9dc755822a2
Instruction ID: 11ba113439f73fbace8707825665742c7dd7f0090f95658fc430c87ae8a8db85
Opcode Fuzzy Hash: b8437008c695b881d6fc036d8695a89248c13af2ed9e5faac352d9dc755822a2
Instruction Fuzzy Hash: ECE2B533A29BC589EB20CF75D8402ED7765FB85758F405225EA8C97BA9EF38D284C740

Function 00007FF67A3D77F0 Relevance: 39.1, APIs: 18, Strings: 4, Instructions: 585
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

1.0, xrefs: 00007FF67A3D7C8B
APPB:, xrefs: 00007FF67A3D7F62
--key, xrefs: 00007FF67A3D7D8B, 00007FF67A3D7EE9
--type, xrefs: 00007FF67A3D7E21

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID: --key$--type$1.0$APPB:
API String ID: 0-155154914
Opcode ID: 13408a047c6b275042c4ef95a805510cb8bfec5d6b8dc364fa889c8a855f5948
Instruction ID: f6399694de1eaa823d838f84be0793349eb1399cc9be3447b84192ab58a8ebf1
Opcode Fuzzy Hash: 13408a047c6b275042c4ef95a805510cb8bfec5d6b8dc364fa889c8a855f5948
Instruction Fuzzy Hash: 1C42B033A28BC682EA149F25E4453FEA361FB85794F504175E68DC7AAADF7CE490C700

Function 00007FF67A39D510 Relevance: 35.9, APIs: 17, Strings: 3, Instructions: 864
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32 ref: 00007FF67A39D5ED
GetProcAddress.KERNEL32 ref: 00007FF67A39D6EB
GetProcAddress.KERNEL32 ref: 00007FF67A39D7AF
GetProcAddress.KERNEL32 ref: 00007FF67A39D82A
GetProcAddress.KERNEL32 ref: 00007FF67A39D8AF
GetProcAddress.KERNEL32 ref: 00007FF67A39D92A
GetProcAddress.KERNEL32 ref: 00007FF67A39D9AF
FreeLibrary.KERNEL32 ref: 00007FF67A39E4D8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39E50E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39E566
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39E56C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39E572
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39E578
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39E57E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39E584
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39E58A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39E590

Strings

cannot use push_back() with , xrefs: 00007FF67A39E52A
system, xrefs: 00007FF67A39E2DB
vault, xrefs: 00007FF67A39E32F

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$AddressProc$Library$FreeLoad
String ID: cannot use push_back() with $system$vault
API String ID: 2463004387-1741236777
Opcode ID: ecc748daa493dcc3c806ea0f37252f1353c6a8a5aaa5669cb2c215fc71812c66
Instruction ID: 8bb5884a3d25eb915b63582e334ee12c20984a6e083d9cb59972ea746754590f
Opcode Fuzzy Hash: ecc748daa493dcc3c806ea0f37252f1353c6a8a5aaa5669cb2c215fc71812c66
Instruction Fuzzy Hash: 69925C33619BC58ADB608F29E8403ED73A5F749798F104225EB9C97BA9EF39C654C700

Function 00007FF67A3C1A80 Relevance: 28.6, APIs: 11, Strings: 5, Instructions: 571
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

cannot use push_back() with , xrefs: 00007FF67A3C27E9
directory_iterator::directory_iterator, xrefs: 00007FF67A3C283A, 00007FF67A3C3E93
exists, xrefs: 00007FF67A3C1A64, 00007FF67A3C3E7C
prefs.js, xrefs: 00007FF67A3C2FB8
status, xrefs: 00007FF67A3C2828, 00007FF67A3C284A, 00007FF67A3C2872, 00007FF67A3C289A

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID: cannot use push_back() with $directory_iterator::directory_iterator$exists$prefs.js$status
API String ID: 0-2713369562
Opcode ID: 63296be00657a7804b8933edc681fa0ff7d2a303a79522c06b7190de4e54fe63
Instruction ID: 7e678bed4693d178ab878482b69c028a234b7228c5e31e28db7fa43c074be963
Opcode Fuzzy Hash: 63296be00657a7804b8933edc681fa0ff7d2a303a79522c06b7190de4e54fe63
Instruction Fuzzy Hash: A1525933A29BC585E6719F15E8813EAB3A4FB89794F005225DACC93B69EF7CD144CB40

Function 00007FF67A41C138 Relevance: 27.2, APIs: 18, Instructions: 229
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesExW.KERNEL32 ref: 00007FF67A41C1E5
GetLastError.KERNEL32 ref: 00007FF67A41C1EF
FindFirstFileW.KERNEL32 ref: 00007FF67A41C206
GetLastError.KERNEL32 ref: 00007FF67A41C212
FindClose.KERNEL32 ref: 00007FF67A41C220
__std_fs_open_handle.LIBCPMT ref: 00007FF67A41C2B3
CloseHandle.KERNEL32 ref: 00007FF67A41C2C9
CloseHandle.KERNEL32 ref: 00007FF67A41C43C

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Close$ErrorFileFindHandleLast$AttributesFirst__std_fs_open_handle
String ID:
API String ID: 2398595512-0
Opcode ID: d61a8205c22dd417f485a3e9fb419a33c3a905dc4861a856e94f2a43c5fae776
Instruction ID: 8e37041c95bf1605d9029b106eab7dd3fb500f04b7e19c4201b675b74e3e35f6
Opcode Fuzzy Hash: d61a8205c22dd417f485a3e9fb419a33c3a905dc4861a856e94f2a43c5fae776
Instruction Fuzzy Hash: DC917133B6CA0246E6744B26EC0467A6390AF957B4F144370D9BD876F8DE3EE4518700

Function 00007FF67A39C9C0 Relevance: 21.7, APIs: 11, Strings: 1, Instructions: 668
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CredEnumerateA.ADVAPI32 ref: 00007FF67A39CA22
CredFree.ADVAPI32 ref: 00007FF67A39D434
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39D46A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39D4BC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39D4C2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39D4C8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39D4CE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39D4D4
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39D4DA
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39D4E0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39D4E6

Strings

cannot use push_back() with , xrefs: 00007FF67A39D480

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Cred$EnumerateFree
String ID: cannot use push_back() with
API String ID: 1347986415-4122110429
Opcode ID: 0bdad057a42082f9df9179fef09da53be48914cb1a96420893d2d1df81939936
Instruction ID: f79fb864959b2b6e78ca9514d3d824bf49224dc10eab2aec7aa59704688bf184
Opcode Fuzzy Hash: 0bdad057a42082f9df9179fef09da53be48914cb1a96420893d2d1df81939936
Instruction Fuzzy Hash: D6628F33A18BC589EB208F65E8843ED7761F7457A8F504325EAAD97BA9DF78D180C700

Function 00007FF67A3F2150 Relevance: 21.4, APIs: 11, Strings: 1, Instructions: 421
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 00007FF67A3F2300
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF67A3F230E
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF67A3F259D
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF67A3F25AB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3F2753
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3F2759
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3F277C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3F2782
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3F2788
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3F27AB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3F27B1

Strings

value, xrefs: 00007FF67A3F2226, 00007FF67A3F24CD

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy
String ID: value
API String ID: 1346393832-494360628
Opcode ID: 6e96f6da4e5160c19df929875cb70b329b44440ba30b932c9d187923499d9032
Instruction ID: 307c52a6a9278bb3c56ddfa21ab32d29105d5897f1563a48f664c543e4be8c8b
Opcode Fuzzy Hash: 6e96f6da4e5160c19df929875cb70b329b44440ba30b932c9d187923499d9032
Instruction Fuzzy Hash: 1012C023A38BC185EB00CFB9D4802BD6761EB957A4F505275FA9D82AEADF7CD084C700

Function 00007FF67A3E8210 Relevance: 19.9, APIs: 13, Instructions: 431
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

recv.WS2_32 ref: 00007FF67A3E83EE
recv.WS2_32 ref: 00007FF67A3E8909
closesocket.WS2_32 ref: 00007FF67A3E891B
WSACleanup.WS2_32 ref: 00007FF67A3E8921
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E8A0D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E8A13
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E8A19
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E8A1F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E8A25
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E8A2B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E8A37
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E8A3D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E8A43

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$recv$Cleanupclosesocket
String ID:
API String ID: 3402187201-0
Opcode ID: fb716910d757f38adea17ddcce31ddc15b212ab7009bd080f33c70fd79bf3aaf
Instruction ID: 7e36a79c585bb22fe5d1cd1cfae0f9b7ab9dabf9ee5e740adccc182cb4264e87
Opcode Fuzzy Hash: fb716910d757f38adea17ddcce31ddc15b212ab7009bd080f33c70fd79bf3aaf
Instruction Fuzzy Hash: 02127473A2CBC581EA218F15E4443EAA761FB997A0F505671EA9D83AF9DF7CD480C700

Function 00007FF67A3E8A50 Relevance: 19.6, APIs: 10, Strings: 1, Instructions: 377
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InternetOpenA.WININET ref: 00007FF67A3E8C82

Part of subcall function 00007FF67A4153D0: EnterCriticalSection.KERNEL32(?,?,0000000100000000,00007FF67A391944), ref: 00007FF67A4153E0

InternetOpenUrlA.WININET ref: 00007FF67A3E8CF2
HttpQueryInfoW.WININET ref: 00007FF67A3E8D4A
HttpQueryInfoW.WININET ref: 00007FF67A3E8DD3
InternetQueryDataAvailable.WININET ref: 00007FF67A3E8E11
InternetReadFile.WININET ref: 00007FF67A3E8ECB
InternetQueryDataAvailable.WININET ref: 00007FF67A3E8F91
InternetCloseHandle.WININET ref: 00007FF67A3E9031
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E906B
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3E9071

Strings

`;b, xrefs: 00007FF67A3E8B16

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Internet$Query$AvailableDataHttpInfoOpen$CloseConcurrency::cancel_current_taskCriticalEnterFileHandleReadSection_invalid_parameter_noinfo_noreturn
String ID: `;b
API String ID: 2754876294-2329670205
Opcode ID: a41a05434ed77775db594ef1fa2ce84004dbcbf1cc0c20e796a22ef6187ecec3
Instruction ID: e7504b773c23039b170ea76851690012b4a2a28e1a8f8479d2c5595d85ae3ea0
Opcode Fuzzy Hash: a41a05434ed77775db594ef1fa2ce84004dbcbf1cc0c20e796a22ef6187ecec3
Instruction Fuzzy Hash: 7F027B33A29B9589F710CF65E8402AD77A4FB84798F101265EE8D97BA9EF38D481C740

Function 00007FF67A39E5A0 Relevance: 16.1, APIs: 8, Strings: 1, Instructions: 324
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF67A39E5E8
Process32FirstW.KERNEL32 ref: 00007FF67A39E62A
Process32NextW.KERNEL32 ref: 00007FF67A39E829
CloseHandle.KERNEL32 ref: 00007FF67A39EA9B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39EB34
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39EB3A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39EB40
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39EB46

Strings

[PID: , xrefs: 00007FF67A39E664

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID: [PID:
API String ID: 1946380282-2210602247
Opcode ID: 4b2c1477acc51a709ea019105098fd94965f659ffbda46a03a4afa32c820551a
Instruction ID: 0e2d02e22bdccd9f3baa4ed7f5972dde6338cb0eded3ae9193e6e7b5b250cf12
Opcode Fuzzy Hash: 4b2c1477acc51a709ea019105098fd94965f659ffbda46a03a4afa32c820551a
Instruction Fuzzy Hash: 3CE1B773628BC185EB24CF25D8843ED7765FB857A8F504225EA9D87BA9DF78D280C700

Function 00007FF67A39EC50 Relevance: 15.7, APIs: 10, Instructions: 716COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39FA19
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39FA1F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39FA25
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39FA2B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39FA31
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39FA37
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39FA3D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39FA43
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39FA49
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39FA4F

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: be6b821129be0224abbc88d0ec695db236515f1716b917d2a56516e9c042539c
Instruction ID: 7ecc861e281ea7b086cd677a2836897e988cb99954750b4db358e2dda381335d
Opcode Fuzzy Hash: be6b821129be0224abbc88d0ec695db236515f1716b917d2a56516e9c042539c
Instruction Fuzzy Hash: F2725233619BC589DB708F29E8413ED73A5F789798F505325EA9C96BA9DF38C284C700

Function 00007FF67A3E1F20 Relevance: 14.5, APIs: 4, Strings: 4, Instructions: 452fileCOMMON

Download Yara Rule

APIs

GetFileSize.KERNEL32 ref: 00007FF67A3E213F
SetFilePointer.KERNEL32 ref: 00007FF67A3E21F2
ReadFile.KERNEL32 ref: 00007FF67A3E2221
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E26B3

Strings

ios_base::badbit set, xrefs: 00007FF67A3E26CD, 00007FF67A3E26F5
exists, xrefs: 00007FF67A3E26A6
ios_base::failbit set, xrefs: 00007FF67A3E2701
ios_base::eofbit set, xrefs: 00007FF67A3E2708

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: File$PointerReadSize_invalid_parameter_noinfo_noreturn
String ID: exists$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2478245620-15404121
Opcode ID: 5f9e4ca639d8699a72128ccfa721fde7abdb19906f4f82f7ad628aecb2e310ca
Instruction ID: d043b95b9115863d79d5a3b4dc54ed1c4c381007895a215241081bb2cd1522c4
Opcode Fuzzy Hash: 5f9e4ca639d8699a72128ccfa721fde7abdb19906f4f82f7ad628aecb2e310ca
Instruction Fuzzy Hash: 56322823A28BC589EB60CF29D8807ED37A1FB84758F404276DA4D97BA9EF79D544C700

Function 00007FF67A409D08 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 335timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF67A409D4D

Part of subcall function 00007FF67A4093B8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67A4093CC

Part of subcall function 00007FF67A404454: RtlFreeHeap.NTDLL(?,?,?,00007FF67A40E5C2,?,?,?,00007FF67A40E93F,?,?,00000000,00007FF67A40C67C,?,?,?,00007FF67A40C5AF), ref: 00007FF67A40446A
Part of subcall function 00007FF67A404454: GetLastError.KERNEL32(?,?,?,00007FF67A40E5C2,?,?,?,00007FF67A40E93F,?,?,00000000,00007FF67A40C67C,?,?,?,00007FF67A40C5AF), ref: 00007FF67A404474

Part of subcall function 00007FF67A3F8D58: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF67A3F8D06,?,?,?,?,8000000000000000,00007FF67A3F8BEE), ref: 00007FF67A3F8D61
Part of subcall function 00007FF67A3F8D58: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF67A3F8D06,?,?,?,?,8000000000000000,00007FF67A3F8BEE), ref: 00007FF67A3F8D86

Part of subcall function 00007FF67A412470: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67A4123BB

_get_daylight.LIBCMT ref: 00007FF67A409D3C

Part of subcall function 00007FF67A409418: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67A40942C

_get_daylight.LIBCMT ref: 00007FF67A409FB2
_get_daylight.LIBCMT ref: 00007FF67A409FC3
_get_daylight.LIBCMT ref: 00007FF67A409FD4
GetTimeZoneInformation.KERNEL32(00007FF67A40A2C2), ref: 00007FF67A409FFB

Strings

Eastern Summer Time, xrefs: 00007FF67A40A0B9
Eastern Standard Time, xrefs: 00007FF67A40A0A1

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 4070488512-239921721
Opcode ID: 5ef8fea5b7ffb6343d58d59f5e654fded817569be5bd4a323691fdfdb31d52da
Instruction ID: f1074a54e1123cb778c3c4b37db362b6ac5eccf07db4d3a9a52f56feeadc1221
Opcode Fuzzy Hash: 5ef8fea5b7ffb6343d58d59f5e654fded817569be5bd4a323691fdfdb31d52da
Instruction Fuzzy Hash: 33D1C523A3824245E724EF27D8502BA67A1FFA4784F4480B5EA4DC77AADF3EE441D740

Function 00007FF67A406504 Relevance: 10.8, APIs: 7, Instructions: 286COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF67A406936

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: a8454d332437e86018a34e79ee0e67cd90b8fc8e0130e7ecb8683b7bf90769a1
Instruction ID: d212f2c96bfe00631ddf88f362f8881e3e6c37ec83a370b4a685fdc1f7a6054a
Opcode Fuzzy Hash: a8454d332437e86018a34e79ee0e67cd90b8fc8e0130e7ecb8683b7bf90769a1
Instruction Fuzzy Hash: E5C1F523B3868665FB605F1684003BEAB91EF91B94F4401F4DA4E877A9CFBEE4549701

Function 00007FF67A409F84 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF67A409FB2

Part of subcall function 00007FF67A409418: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67A40942C

_get_daylight.LIBCMT ref: 00007FF67A409FC3

Part of subcall function 00007FF67A4093B8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67A4093CC

_get_daylight.LIBCMT ref: 00007FF67A409FD4

Part of subcall function 00007FF67A4093E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67A4093FC

Part of subcall function 00007FF67A404454: RtlFreeHeap.NTDLL(?,?,?,00007FF67A40E5C2,?,?,?,00007FF67A40E93F,?,?,00000000,00007FF67A40C67C,?,?,?,00007FF67A40C5AF), ref: 00007FF67A40446A
Part of subcall function 00007FF67A404454: GetLastError.KERNEL32(?,?,?,00007FF67A40E5C2,?,?,?,00007FF67A40E93F,?,?,00000000,00007FF67A40C67C,?,?,?,00007FF67A40C5AF), ref: 00007FF67A404474

GetTimeZoneInformation.KERNEL32(00007FF67A40A2C2), ref: 00007FF67A409FFB

Strings

Eastern Summer Time, xrefs: 00007FF67A40A0B9
Eastern Standard Time, xrefs: 00007FF67A40A0A1

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 3458911817-239921721
Opcode ID: 6992b982ce594931a36680c500339fff6557f0f256ccf34fb948bfc31a61fc78
Instruction ID: d2fa12772a3884bad9a0f38bdfa5c2cda0676ceac7d8384f71586bfde4311abe
Opcode Fuzzy Hash: 6992b982ce594931a36680c500339fff6557f0f256ccf34fb948bfc31a61fc78
Instruction Fuzzy Hash: 06518333A3864286E710EF23D8805BA77A0BB58744F4451B5EA4DC77BADF3EE4419B50

Function 00007FF67A3E9FB0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 250COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3EA368
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3EA36E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3EA374
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3EA37A

Strings

cores, xrefs: 00007FF67A3EA1E6

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: cores
API String ID: 3668304517-2370456839
Opcode ID: ddaaeac7637abf309bd636fba0f4e21889d932baa452a3d4ed9cbc3cb814210e
Instruction ID: 25a522006ef9f48d65989d3de10bdb69f58963b788aedad2f46cd765319e05eb
Opcode Fuzzy Hash: ddaaeac7637abf309bd636fba0f4e21889d932baa452a3d4ed9cbc3cb814210e
Instruction Fuzzy Hash: 6DB1B763F28B858AF700CFB9C4413EC3372AB55368F505365DE6CA2AAADF789595C340

Function 00007FF67A3E3360 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 428COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF67A4153D0: EnterCriticalSection.KERNEL32(?,?,0000000100000000,00007FF67A391944), ref: 00007FF67A4153E0

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E3BAE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E3BB4

Strings

ios_base::badbit set, xrefs: 00007FF67A3E3BCF, 00007FF67A3E3C0C, 00007FF67A3E3C4A
exists, xrefs: 00007FF67A3E3C83

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$CriticalEnterSection
String ID: exists$ios_base::badbit set
API String ID: 555700303-2074760687
Opcode ID: 60c627b790b2c0ffcf3682fe3924915bfa2a818b45532bdaba860411a19b8344
Instruction ID: 1f8dea4ff592532fdcb563a060d52a4638e29f7f73c43f016e4baf00ee41324c
Opcode Fuzzy Hash: 60c627b790b2c0ffcf3682fe3924915bfa2a818b45532bdaba860411a19b8344
Instruction Fuzzy Hash: 7F324033A2DBC696DA20DF15E4903EA6365FB84750F404272EA8DC3AA9EF7CD544CB00

Function 00007FF67A390BD0 Relevance: 4.8, APIs: 3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 842207f6fbf6b3ba87ef6fac9f7f4deeb4e0fa80b22a779e3f22aada3394b51a
Instruction ID: 505f8e3f085b4b500a30571592888a790c20cf9770d54696533f503e01165e22
Opcode Fuzzy Hash: 842207f6fbf6b3ba87ef6fac9f7f4deeb4e0fa80b22a779e3f22aada3394b51a
Instruction Fuzzy Hash: 96F14133A18F8889EB608F69E44135D77B1F7897A8F105325EADC96B99EF7CD1908700

Function 00007FF67A3912C0 Relevance: 4.8, APIs: 3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: deb8995be8b8993a75605fc0b2e969a111e795985316c39fb14fcec82bc48fd2
Instruction ID: 69e28b9feb4db35607ef10be0637605dbd754a683bc0a952f33a6d499711d8a1
Opcode Fuzzy Hash: deb8995be8b8993a75605fc0b2e969a111e795985316c39fb14fcec82bc48fd2
Instruction Fuzzy Hash: F1F14133A18F8989EB608F69E44135D77A1F7897A8F105325EEDC96B98EF7CD1908700

Function 00007FF67A3EAB00 Relevance: 4.7, APIs: 3, Instructions: 160COMMON

Download Yara Rule

APIs

GetLogicalDriveStringsW.KERNEL32 ref: 00007FF67A3EAB71
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3EAD96
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3EAD9C

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$DriveLogicalStrings
String ID:
API String ID: 3916208290-0
Opcode ID: fae7fe8c1d7166c2d90c83820ca4dab5deb36866862a2bbd62ab0eb48a487933
Instruction ID: bdfb43bb5e67a07f0a6eb3482b613e4c3d55a26adbd150378c70a4cde2f5bb7c
Opcode Fuzzy Hash: fae7fe8c1d7166c2d90c83820ca4dab5deb36866862a2bbd62ab0eb48a487933
Instruction Fuzzy Hash: FB716033E28B8582E7108F25E4803AE7765FB947A8F105225EA9C53AB9DF7CE5D0D740

Function 00007FF67A3EADB0 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 171timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32 ref: 00007FF67A3EB0F5

Strings

[UTC, xrefs: 00007FF67A3EB0C2

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: InformationTimeZone
String ID: [UTC
API String ID: 565725191-1715286942
Opcode ID: a66f02d72a5db2c1b3acb4f2da40c4cf2eb1e0a78d729c6841fe139f9daa0958
Instruction ID: ae08827e127d219fbd2eaba3c3b71fbd6f3e6eb62ebdae6b2db9f70b7aa7c716
Opcode Fuzzy Hash: a66f02d72a5db2c1b3acb4f2da40c4cf2eb1e0a78d729c6841fe139f9daa0958
Instruction Fuzzy Hash: A291D832619FC98AD7718F29E84129AB7A4F78D798F105325EACD57B19EF38C250CB40

Function 00007FF67A3D1CF0 Relevance: 3.1, APIs: 2, Instructions: 86encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32 ref: 00007FF67A3D1D48
LocalFree.KERNEL32 ref: 00007FF67A3D1DDA

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: CryptDataFreeLocalUnprotect
String ID:
API String ID: 1561624719-0
Opcode ID: f88957cfd2b51bcb633bef7ba602987a2d0c6455c83a8ba819920da39e749fc3
Instruction ID: a3648a3cc15e8d6b1d949aa11bbacee318573b9adddd9455229868635e807b78
Opcode Fuzzy Hash: f88957cfd2b51bcb633bef7ba602987a2d0c6455c83a8ba819920da39e749fc3
Instruction Fuzzy Hash: D6414633A28B80CAE3208F74E4403E937A4FB5974CF044279EA8C92E9ADF79D564C754

Function 00007FF67A3E9A60 Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32 ref: 00007FF67A3E9AA5

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: 90496fcf6dfcee039494cb4054596e234e531b545ff591467ece2fe3a88e0abf
Instruction ID: dbf4cde338bb63ace5091489c08b6155766b0b924438043c9f32278a3eb05863
Opcode Fuzzy Hash: 90496fcf6dfcee039494cb4054596e234e531b545ff591467ece2fe3a88e0abf
Instruction Fuzzy Hash: F601843352C78182E760CF25F5003AAB3A0FB98788F500131EACD82669DFBCD190CB40

Function 00007FF67A3F0A90 Relevance: 1.5, Strings: 1, Instructions: 227COMMON

Download Yara Rule

Strings

\u%04x, xrefs: 00007FF67A3F0C86

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID: \u%04x
API String ID: 0-2916071157
Opcode ID: 1fad9b3796bb0d5fdcf9dafeee4abe8aa7886122a64dabba2bcf5863bcbe4c67
Instruction ID: 541851fd2b4e7836db5a4167f193d63e249d9aad09f5e44ac69713d248a9251b
Opcode Fuzzy Hash: 1fad9b3796bb0d5fdcf9dafeee4abe8aa7886122a64dabba2bcf5863bcbe4c67
Instruction Fuzzy Hash: 7D912623A2868182EB54CF29D5902BD7760FB82B94F44907ADB5ECB7A5EF3CE515C700

Function 00007FF67A3F00A8 Relevance: 1.5, Strings: 1, Instructions: 209COMMON

Download Yara Rule

Strings

": , xrefs: 00007FF67A3F0185, 00007FF67A3F0225

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID: ":
API String ID: 0-3662656813
Opcode ID: 21247e27d2ae44605742fa71cc188a78342d6b0a71e2b25c5488f365a3c44f00
Instruction ID: dd080b783792917a19f3c5a8298f6bbb1dbadc1ab2d0d64e796e56dc117e38f2
Opcode Fuzzy Hash: 21247e27d2ae44605742fa71cc188a78342d6b0a71e2b25c5488f365a3c44f00
Instruction Fuzzy Hash: 1A912477228A4681DB20DF2AE19466D7761FB89FD8F409026DF4E8BB64DF39D158CB00

Function 00007FF67A3A40B0 Relevance: 1.4, Strings: 1, Instructions: 112COMMON

Download Yara Rule

Strings

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/, xrefs: 00007FF67A3A4139

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
API String ID: 0-1713319389
Opcode ID: 437ae662eb117c41f44ff7f9c77615c2854eafd9d66bebc79b763ab490802efe
Instruction ID: 111a2634241fb5184f31718ab7fc7d9a0a2e7d9e823d2e561a2219ec4176189e
Opcode Fuzzy Hash: 437ae662eb117c41f44ff7f9c77615c2854eafd9d66bebc79b763ab490802efe
Instruction Fuzzy Hash: AD41D56362D6E049EB02CB39841127D7FB2D366B84B1C81A2E7D8C7756DE2DD216C710

Function 00007FF67A3E1B00 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 192
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF67A3E1970: InitializeCriticalSectionEx.KERNEL32 ref: 00007FF67A3E19C1
Part of subcall function 00007FF67A3E1970: GetLastError.KERNEL32 ref: 00007FF67A3E19CB

EnterCriticalSection.KERNEL32 ref: 00007FF67A3E1B41
GdiplusStartup.GDIPLUS ref: 00007FF67A3E1B68
LeaveCriticalSection.KERNEL32 ref: 00007FF67A3E1B76
LeaveCriticalSection.KERNEL32 ref: 00007FF67A3E1BA4
GdipGetImageEncodersSize.GDIPLUS ref: 00007FF67A3E1BB2
GdipGetImageEncoders.GDIPLUS ref: 00007FF67A3E1C46
GdipCreateBitmapFromScan0.GDIPLUS ref: 00007FF67A3E1D0A
GdipSaveImageToStream.GDIPLUS ref: 00007FF67A3E1D28
GdipDisposeImage.GDIPLUS ref: 00007FF67A3E1D8D
GdipDisposeImage.GDIPLUS ref: 00007FF67A3E1DA1

Strings

&, xrefs: 00007FF67A3E1D04

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Gdip$Image$CriticalSection$DisposeEncodersLeave$BitmapCreateEnterErrorFromGdiplusInitializeLastSaveScan0SizeStartupStream
String ID: &
API String ID: 1703174404-3042966939
Opcode ID: a799f0d6590f995dc081d60b5774d6bb27e4fbd63746d95bb83c1d8aad6cf0fd
Instruction ID: ac8b865dc84d3c4a10628500a25c6a8c69cf04461ed5f00e8620ab947222d530
Opcode Fuzzy Hash: a799f0d6590f995dc081d60b5774d6bb27e4fbd63746d95bb83c1d8aad6cf0fd
Instruction Fuzzy Hash: 65916233A28B428AE710CF31D8005B977A4FB647A8F5441B5DA4DD7BA8DF38E995C340

Function 00007FF67A3E3030 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 193
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF67A3E9080: GetUserGeoID.KERNEL32 ref: 00007FF67A3E90A5
Part of subcall function 00007FF67A3E9080: GetGeoInfoA.KERNEL32 ref: 00007FF67A3E90BD
Part of subcall function 00007FF67A3E9080: GetGeoInfoA.KERNEL32 ref: 00007FF67A3E910D

Part of subcall function 00007FF67A3A0AC0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3A0B94

WSAStartup.WS2_32 ref: 00007FF67A3E313C
socket.WS2_32 ref: 00007FF67A3E3157
htons.WS2_32 ref: 00007FF67A3E3178
inet_pton.WS2_32 ref: 00007FF67A3E31A5
connect.WS2_32 ref: 00007FF67A3E31BD
closesocket.WS2_32 ref: 00007FF67A3E31D3
WSACleanup.WS2_32 ref: 00007FF67A3E31D9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E334B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E3351
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E3357

Strings

system, xrefs: 00007FF67A3E30AA
geo, xrefs: 00007FF67A3E30E9

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Info$CleanupStartupUserclosesocketconnecthtonsinet_ptonsocket
String ID: geo$system
API String ID: 2440148987-2364779556
Opcode ID: 369b569b77179fae4a33040cbad1b1e26fc2306e03f387e213986ff8efbfca03
Instruction ID: bf5755514e8c655c8ac3e84a762618f2baa4749875b3c30021b139664fed7450
Opcode Fuzzy Hash: 369b569b77179fae4a33040cbad1b1e26fc2306e03f387e213986ff8efbfca03
Instruction Fuzzy Hash: 4A919F63F28B4289EB00CFB5E8501AC3372EF447A8F405675EA5D92AB9EE7DE545C300

Function 00007FF67A3EB136 Relevance: 16.9, APIs: 11, Instructions: 377
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3EB700
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3EB706
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3EB70C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3EB712
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3EB718
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3EB71E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3EB724
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3EB72A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3EB730
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3EB736
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3EB73C

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 35cef6b89aa133bbca15bc5762099fcbb25724a90db74ea652aff1a28b07d9f7
Instruction ID: bd71dbd253c4763cfe22e0b7f5793d854af9c23056ee46a97a7639a17eb90a06
Opcode Fuzzy Hash: 35cef6b89aa133bbca15bc5762099fcbb25724a90db74ea652aff1a28b07d9f7
Instruction Fuzzy Hash: B7F1E363E28BC585EB118F79D4453AC6351EF957B8F509361EAAC86AEADF7CD4C08300

Function 00007FF67A3C14C0 Relevance: 16.0, APIs: 4, Strings: 5, Instructions: 225
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3C1836
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3C183C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3C1842
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3C1848

Strings

directory_iterator::directory_iterator, xrefs: 00007FF67A3C1490
chrome_key, xrefs: 00007FF67A3C1266, 00007FF67A3C1388
key, xrefs: 00007FF67A3C1015, 00007FF67A3C1142
exists, xrefs: 00007FF67A3C147D, 00007FF67A3C1814, 00007FF67A3C1829
status, xrefs: 00007FF67A3C14A0

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: chrome_key$directory_iterator::directory_iterator$exists$key$status
API String ID: 3668304517-2866355200
Opcode ID: 3755d7ed5a9e4e021b532b58241de286af76a174978315f378cd37477dbfcab9
Instruction ID: 4c765ae7e8f0f3b9f2440bc50978830423a48a41d3da51eaf60800a385f29fca
Opcode Fuzzy Hash: 3755d7ed5a9e4e021b532b58241de286af76a174978315f378cd37477dbfcab9
Instruction Fuzzy Hash: 4DA19073A28B9686EB00CF28E8442AD7361FB457A8F505775EA5D87AE8DF3CD181C700

Function 00007FF67A424258 Relevance: 13.8, APIs: 9, Instructions: 276fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF67A423E38: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67A423E79
Part of subcall function 00007FF67A423E38: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67A423EF9
Part of subcall function 00007FF67A423E38: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67A423F4D
Part of subcall function 00007FF67A423E38: _get_daylight.LIBCMT ref: 00007FF67A423FA5

CreateFileW.KERNEL32 ref: 00007FF67A42435E
CreateFileW.KERNEL32 ref: 00007FF67A4243AE
GetLastError.KERNEL32 ref: 00007FF67A4243DE
GetFileType.KERNEL32 ref: 00007FF67A4243F3
GetLastError.KERNEL32 ref: 00007FF67A4243FD
CloseHandle.KERNEL32 ref: 00007FF67A424430
CloseHandle.KERNEL32 ref: 00007FF67A424594
CreateFileW.KERNEL32 ref: 00007FF67A4245C9
GetLastError.KERNEL32 ref: 00007FF67A4245D8

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
String ID:
API String ID: 1330151763-0
Opcode ID: c371a098d1ed890db9e0e1017008efad7e651166628c24d51931c4570b1b57a6
Instruction ID: e8af66c05eb78e7d5dcbb9e006b14099b260f5d71c2f322c5c2c9cfd0778e804
Opcode Fuzzy Hash: c371a098d1ed890db9e0e1017008efad7e651166628c24d51931c4570b1b57a6
Instruction Fuzzy Hash: 6FC1BF37B38A4285EB10CFAAC4906AC3761FB49BA8F015265DA2ED77E9CF39D451C300

Function 00007FF67A392BB0 Relevance: 10.5, APIs: 1, Strings: 5, Instructions: 36COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A392C13

Strings

content, xrefs: 00007FF67A3938D1, 00007FF67A39470F, 00007FF67A3954D1, 00007FF67A395BEC, 00007FF67A396134
directory_iterator::directory_iterator, xrefs: 00007FF67A393C4C, 00007FF67A394A78, 00007FF67A39644C
filename, xrefs: 00007FF67A39371C, 00007FF67A394551, 00007FF67A3953B1, 00007FF67A395A12, 00007FF67A395F61
exists, xrefs: 00007FF67A393C2A, 00007FF67A394A59, 00007FF67A3963CD, 00007FF67A3963E8, 00007FF67A396485
status, xrefs: 00007FF67A394A8E, 00007FF67A39640E, 00007FF67A39641E

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: content$directory_iterator::directory_iterator$exists$filename$status
API String ID: 3668304517-3429737954
Opcode ID: 5f04f57a576b5b157d65a31b2d2d56cc07066f3f03f05c04df50e5a63e20b52d
Instruction ID: 86baabd9c5cf82e6756d3b0b23de4800b43264f1a36595801baf15919bea6d73
Opcode Fuzzy Hash: 5f04f57a576b5b157d65a31b2d2d56cc07066f3f03f05c04df50e5a63e20b52d
Instruction Fuzzy Hash: 33F0B4A3B24A8541FB089FA8D00837D2391EB14F8DF540070C64C8A6E6DF6DC4D1C740

Function 00007FF67A3EA861 Relevance: 9.2, APIs: 6, Instructions: 163registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32 ref: 00007FF67A3EA879
RegEnumKeyExA.KERNEL32 ref: 00007FF67A3EA8BE
RegCloseKey.ADVAPI32 ref: 00007FF67A3EAAB4
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3EAAE7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3EAAF3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3EAAF9

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$CloseEnumOpen
String ID:
API String ID: 2177193445-0
Opcode ID: 1154c0838f5fe8a157184aa3084b9b3080f43bed9e9792bae30ff953cebbf079
Instruction ID: 01173a94c68055ebe6cfe9d9ae1208dfc319913ca6147d4d41551f2608bcb7be
Opcode Fuzzy Hash: 1154c0838f5fe8a157184aa3084b9b3080f43bed9e9792bae30ff953cebbf079
Instruction Fuzzy Hash: 56719173E28B8585FB108F65E4443AD6761FB453A8F504225EAAC93AE9DF7CE4D1C700

Function 00007FF67A3C41A0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 225COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3C4516
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3C451C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3C4522
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3C4528

Strings

exists, xrefs: 00007FF67A3C44F4, 00007FF67A3C4509

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: exists
API String ID: 3668304517-2996790960
Opcode ID: d982718c1fd17e903050a2bce105db42f02820095b4acfa229deab4207014bee
Instruction ID: 780c7b04a75e063842bcbbcbf93f74ab1e873e5b8f2d0a7f2359dc41d76821fa
Opcode Fuzzy Hash: d982718c1fd17e903050a2bce105db42f02820095b4acfa229deab4207014bee
Instruction Fuzzy Hash: ABA19273A24B9686EB10CF68E8442AD3362FB847A8F505675EA5D87AE9DF3CD141C700

Function 00007FF67A3EDB80 Relevance: 7.6, APIs: 5, Instructions: 123COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00007FF67A3EDBA0
FreeEnvironmentStringsW.KERNEL32 ref: 00007FF67A3EDC9B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3EDCC5
RtlInitUnicodeString.NTDLL ref: 00007FF67A3EDD0E
RtlInitUnicodeString.NTDLL ref: 00007FF67A3EDD1B

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: EnvironmentInitStringStringsUnicode$Free_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1868271193-0
Opcode ID: 7aacb83b0b7a91bef113ae9f2073742aece83b3739fe776fd5feee7380209aa8
Instruction ID: 3baba3a249ef69c6d148e58ab0f38c909eb7c603dedf6d83618766397ff914b7
Opcode Fuzzy Hash: 7aacb83b0b7a91bef113ae9f2073742aece83b3739fe776fd5feee7380209aa8
Instruction Fuzzy Hash: 9E518E23A28B8182EB108F26E44036D7360FB94BD4F589265DB9D83BA9DF7CE5D18700

Function 00007FF67A3EA7F0 Relevance: 7.6, APIs: 5, Instructions: 96registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32 ref: 00007FF67A3EA879
RegEnumKeyExA.KERNEL32 ref: 00007FF67A3EA8BE

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: EnumOpen
String ID:
API String ID: 3231578192-0
Opcode ID: d7bd87d262713fd341ef96cadf58e55a35a040a09dcf12c0f6eedd94483c23ba
Instruction ID: 38834442f3fcaa2a910570cddba363a38aa0aca9dabcd383c3f7dc979c378832
Opcode Fuzzy Hash: d7bd87d262713fd341ef96cadf58e55a35a040a09dcf12c0f6eedd94483c23ba
Instruction Fuzzy Hash: 49319333A28B8585F7208F61E8446AE7374FB447A8F101225EE9D97B64DF7CD491C700

Function 00007FF67A3E3C90 Relevance: 7.4, APIs: 2, Strings: 2, Instructions: 413COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF67A4153D0: EnterCriticalSection.KERNEL32(?,?,0000000100000000,00007FF67A391944), ref: 00007FF67A4153E0

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E445A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E4460

Strings

ios_base::badbit set, xrefs: 00007FF67A3E447B, 00007FF67A3E44B8, 00007FF67A3E44F6
exists, xrefs: 00007FF67A3E452F

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$CriticalEnterSection
String ID: exists$ios_base::badbit set
API String ID: 555700303-2074760687
Opcode ID: b7ed75b60f7e9a23a9d9aefacd9b63456f7413aba5a27f785b067fc61554d3aa
Instruction ID: 11febdd3455529d68268a702c1c53eb177f397a5d59d03ffca0602e357c67f21
Opcode Fuzzy Hash: b7ed75b60f7e9a23a9d9aefacd9b63456f7413aba5a27f785b067fc61554d3aa
Instruction Fuzzy Hash: 23223133A2DAC691DA21DF15E4903EA6360FB84794F504276EA9DC3AB9EF7CD544CB00

Function 00007FF67A397B00 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 106COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF67A3EAB00: GetLogicalDriveStringsW.KERNEL32 ref: 00007FF67A3EAB71

Part of subcall function 00007FF67A397B00: FindFirstFileW.KERNEL32 ref: 00007FF67A396ECF

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A397C68
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A397C6E

Strings

content, xrefs: 00007FF67A39759F
filename, xrefs: 00007FF67A3974AA

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$DriveFileFindFirstLogicalStrings
String ID: content$filename
API String ID: 3820383557-474635906
Opcode ID: 077d28648c368bd565441d311059af13d9c85b96747a6d5d62d4a356330f4545
Instruction ID: b139c38a522bc851767a0aa24fa3690454aab2a17da5c87124d4c84d5d606976
Opcode Fuzzy Hash: 077d28648c368bd565441d311059af13d9c85b96747a6d5d62d4a356330f4545
Instruction Fuzzy Hash: 62417263E2874682EE209F15E44016AA361EBD4BF4F580371E6AD87BF9DE7CD1818B00

Function 00007FF67A3E9E20 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 45registryCOMMON

Download Yara Rule

APIs

RegGetValueA.KERNEL32 ref: 00007FF67A3E9E87

Strings

ProductName, xrefs: 00007FF67A3E9E72
SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 00007FF67A3E9E79
--type, xrefs: 00007FF67A3E9E25

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Value
String ID: --type$ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
API String ID: 3702945584-3762788641
Opcode ID: fbe3309223dee704750fca85b9350de5150356862cfa63411aa7ce2d28625d08
Instruction ID: d66693b717381d84d459eeb54f43b4b7ae8b6f989aee619cce001f9866a35a7a
Opcode Fuzzy Hash: fbe3309223dee704750fca85b9350de5150356862cfa63411aa7ce2d28625d08
Instruction Fuzzy Hash: FA113D33618B8186D7208F22F4413AAB3A4FB89798F504225EB9C86B68DFBDD155CB40

Function 00007FF67A3E2AC0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF67A3E2AFB
OpenProcessToken.ADVAPI32 ref: 00007FF67A3E2B0C
GetTokenInformation.KERNELBASE ref: 00007FF67A3E2B44
CloseHandle.KERNEL32 ref: 00007FF67A3E2B65

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: ProcessToken$CloseCurrentHandleInformationOpen
String ID:
API String ID: 215268677-0
Opcode ID: b58325ce29b780eef651909379bfc8c714b7e3d5217266914ac01701143baf7a
Instruction ID: 11abe64d5a336499b8d2e517a134c261ffdb8f51ec9648385ee0eeb354472803
Opcode Fuzzy Hash: b58325ce29b780eef651909379bfc8c714b7e3d5217266914ac01701143baf7a
Instruction Fuzzy Hash: CC113D32628B8286EB508F12F84075AB3B4FB84B84F445135EB8D97B68DF3CD455CB40

Function 00007FF67A3A7540 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3A7699
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3A769F

Strings

cannot use operator[] with a numeric argument with , xrefs: 00007FF67A3A7A69

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID: cannot use operator[] with a numeric argument with
API String ID: 73155330-485864652
Opcode ID: 98353018458b324c6d2cd4645ea98d9218f85b6860abfe801e2f0706387ed068
Instruction ID: 5af2811f3811e26b62d35a60ba21a4d63a469fefc519bc0cde4960c2ce40c776
Opcode Fuzzy Hash: 98353018458b324c6d2cd4645ea98d9218f85b6860abfe801e2f0706387ed068
Instruction Fuzzy Hash: 8C310423B2979244EE149F1AA5443B8A352AB04BF5F580770EE6DCBBF6DE7CE0518700

Function 00007FF67A3EA380 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

GetCurrentHwProfileW.ADVAPI32 ref: 00007FF67A3EA3BA

Strings

Unknown, xrefs: 00007FF67A3EA475
--type, xrefs: 00007FF67A3EA38B

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: CurrentProfile
String ID: --type$Unknown
API String ID: 2104809126-2669863112
Opcode ID: bea126a491d64014bcb752177728a3eb5fb05278235be00e47c33b448f6fcdbd
Instruction ID: 699a01faaf9c8ac5af32e84fa9850c128d10add6efddbcce923bcf7deb1c1207
Opcode Fuzzy Hash: bea126a491d64014bcb752177728a3eb5fb05278235be00e47c33b448f6fcdbd
Instruction Fuzzy Hash: CA31C123A2CBC182E7208F25F4402AAB760FB99784F541225FBCD82A5ADF7DD580CB00

Function 00007FF67A3E0800 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32 ref: 00007FF67A3E0851
RegCloseKey.ADVAPI32 ref: 00007FF67A3E0863

Strings

--type, xrefs: 00007FF67A3E0807

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: CloseOpen
String ID: --type
API String ID: 47109696-2654721227
Opcode ID: 5f4988e2b79fc1b4d0fbfbceca3180348d66adf10f6e166154fa8f5c91246763
Instruction ID: 6f53945c8d85d49a841b2141b5dd637f4b59c8d8f188d8493a4c1304adb71e30
Opcode Fuzzy Hash: 5f4988e2b79fc1b4d0fbfbceca3180348d66adf10f6e166154fa8f5c91246763
Instruction Fuzzy Hash: DE21A223B6CA8545FE509B62E8403AAA360EF99BE4F445171EA4DC7BA9DF2CD481C740

Function 00007FF67A39FA60 Relevance: 4.8, APIs: 3, Instructions: 273COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: EnvironmentStrings$Free
String ID:
API String ID: 3328510275-0
Opcode ID: 3333babb8737e4b4370a1f62f1c70aa9451fe4f3b12653bb777bcb8b2a2ae2b7
Instruction ID: 3a2e9736715608689107a279ee0127465e500c9a002192c014e7f0043df874ab
Opcode Fuzzy Hash: 3333babb8737e4b4370a1f62f1c70aa9451fe4f3b12653bb777bcb8b2a2ae2b7
Instruction Fuzzy Hash: 56C18133A28B8585EB20CF65E4803ED7761FB857A8F505235EA9D97BA9DF78C180C740

Function 00007FF67A3E859E Relevance: 4.7, APIs: 3, Instructions: 186networkCOMMON

Download Yara Rule

APIs

recv.WS2_32 ref: 00007FF67A3E8909
closesocket.WS2_32 ref: 00007FF67A3E891B
WSACleanup.WS2_32 ref: 00007FF67A3E8921
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E8A2B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E8A37
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E8A3D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E8A43

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Cleanupclosesocketrecv
String ID:
API String ID: 1729841683-0
Opcode ID: a65f43f2d25ca7c6a3c374e64be69b380e3eb1144f0c8397e9354ba1d1cc6162
Instruction ID: b0f51910f4109c7570c16eb06a7c3db3601040ff8e0e4c98eeb1534c106c0d17
Opcode Fuzzy Hash: a65f43f2d25ca7c6a3c374e64be69b380e3eb1144f0c8397e9354ba1d1cc6162
Instruction Fuzzy Hash: 6E917463E2CBC581EA208F59E4443A96721FB857A0F504371DAAC976E9DF7DD481C700

Function 00007FF67A3E1DD0 Relevance: 4.6, APIs: 3, Instructions: 87COMMON

Download Yara Rule

APIs

SHGetKnownFolderPath.SHELL32 ref: 00007FF67A3E1E29
CoTaskMemFree.OLE32 ref: 00007FF67A3E1EEA
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E1F12

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: FolderFreeKnownPathTask_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 2444108017-0
Opcode ID: ac0544086cf5bef0a3a7e7647e350e937d75641a90ccf9a4dd159b67ba3d08bd
Instruction ID: 0086c92577eeb5e82e125bd5bdbd1f7eb614f1f25c60c3d40ccd6f76979b0450
Opcode Fuzzy Hash: ac0544086cf5bef0a3a7e7647e350e937d75641a90ccf9a4dd159b67ba3d08bd
Instruction Fuzzy Hash: 7C31757392878181E720CF65E44026AB361FBD97F4F205365FAAC836A9DF7DD5818B40

Function 00007FF67A3F7764 Relevance: 4.6, APIs: 3, Instructions: 72COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF67A3F778B

Part of subcall function 00007FF67A3F7720: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67A3F7737

_invalid_parameter_noinfo.LIBCMT ref: 00007FF67A3F7838
_local_unwind.LIBVCRUNTIME ref: 00007FF67A3F7849

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo$_local_unwind
String ID:
API String ID: 1677304287-0
Opcode ID: bf7ff17dcb7492c4667a4e3f85a5f987f8021e196c42520ea16941355517f9df
Instruction ID: 7c1f9625270b34ce9a33a919fcda1b2f3f0a88a0f279c4383e2059c1b05102f4
Opcode Fuzzy Hash: bf7ff17dcb7492c4667a4e3f85a5f987f8021e196c42520ea16941355517f9df
Instruction Fuzzy Hash: 0E21AC33A3964681EE54DF14E8511B92361EB95BA5F4401BAF60EC73B6EE3DE114CF00

Function 00007FF67A3EA52B Relevance: 4.6, APIs: 3, Instructions: 68registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32 ref: 00007FF67A3EA547
RegQueryValueExA.KERNEL32 ref: 00007FF67A3EA586
RegCloseKey.ADVAPI32 ref: 00007FF67A3EA624

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID:
API String ID: 3677997916-0
Opcode ID: bfbf7a769ea2a317111fb1415386c847ea7650cfabc1f9c9b6c6499fcc250df6
Instruction ID: 69f3b76f0d75ff4ef81793d7de9fa799935c5c428bc5aa0f0e48685616bc7b37
Opcode Fuzzy Hash: bfbf7a769ea2a317111fb1415386c847ea7650cfabc1f9c9b6c6499fcc250df6
Instruction Fuzzy Hash: BC218663E2CB8581EE508F25E48136AA761FBD57E4F505231EA9DC3AA9DF2CD484CB00

Function 00007FF67A3E9080 Relevance: 4.6, APIs: 3, Instructions: 50COMMON

Download Yara Rule

APIs

GetUserGeoID.KERNEL32 ref: 00007FF67A3E90A5
GetGeoInfoA.KERNEL32 ref: 00007FF67A3E90BD
GetGeoInfoA.KERNEL32 ref: 00007FF67A3E910D

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Info$User
String ID:
API String ID: 2017065092-0
Opcode ID: 13d6c8570dd485256c110f571c40c9a01fa7513018fe1e8d2ffc8141344c43e0
Instruction ID: 952a7c25b92767dcb4436183328efbf5e8afa6e40de1cf614e2b660c468e4abb
Opcode Fuzzy Hash: 13d6c8570dd485256c110f571c40c9a01fa7513018fe1e8d2ffc8141344c43e0
Instruction Fuzzy Hash: EB118B33A28B8586D7108F62E45465EB361FB94B88F045234EB8993B69DF7CE5508B84

Function 00007FF67A3F10D0 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 157COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3F12D5

Strings

ios_base::badbit set, xrefs: 00007FF67A3F10D2

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: ios_base::badbit set
API String ID: 3668304517-3882152299
Opcode ID: bee812225db2d635c5fa52296bcce2e8811ad68f616f17cba62308d4dc3910fd
Instruction ID: ff316d426f5f1010252d0f58664f0636bfa849c17d7173a12ccda80a8beb608e
Opcode Fuzzy Hash: bee812225db2d635c5fa52296bcce2e8811ad68f616f17cba62308d4dc3910fd
Instruction Fuzzy Hash: 9361E123F28A818AFB118FB9E4003FC7371AF55768F045274DF8DA2AA5DF38A5958744

Function 00007FF67A3EFC70 Relevance: 3.3, APIs: 2, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3c2fc93069d0735478807502c6a8eb0f7dfdae4299f655f81443917c4c6b024a
Instruction ID: 6359a3f89716c61db2b19aa3dee8dfcf383eaf37f7292d47d095a7d4901a9497
Opcode Fuzzy Hash: 3c2fc93069d0735478807502c6a8eb0f7dfdae4299f655f81443917c4c6b024a
Instruction Fuzzy Hash: 5BA18373A18B8186EB10CF29D8443AD77A0F785BA8F589135EA4D877A9DF7CD881C700

Function 00007FF67A3AB840 Relevance: 3.2, APIs: 2, Instructions: 206COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3AB9B5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3AB9C1

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: 647f2119a84eef7fd1010834c12802ef46582b2c4f8f77b629fd762cdfa26d47
Instruction ID: b85d99aa42d0ab7b34310d9a18c8c37e6376d2de4eea2d89e9c46a9528346ed0
Opcode Fuzzy Hash: 647f2119a84eef7fd1010834c12802ef46582b2c4f8f77b629fd762cdfa26d47
Instruction Fuzzy Hash: AE61AD63B28BA581ED14CF16A41427AA355FB44BF4F548635EEAD87BE9CE3CE491C300

Function 00007FF67A3F6720 Relevance: 3.2, APIs: 2, Instructions: 183COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3F695B
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3F6967

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: e57078d7786f0b54e02f67a913ce752761ea8653fe71ddcff7226ea5521429c1
Instruction ID: 3e28919277add3642f822442fb51550ac7ef188fe2a1860ecbc92c1e58e4361e
Opcode Fuzzy Hash: e57078d7786f0b54e02f67a913ce752761ea8653fe71ddcff7226ea5521429c1
Instruction Fuzzy Hash: 3F61CE23B3968184EE24CE1AC01427D6761EB05FA4F548679CEADCB7E2DF3CE4818701

Function 00007FF67A3E0550 Relevance: 3.2, APIs: 2, Instructions: 161COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF67A3E0800: RegOpenKeyExA.KERNEL32 ref: 00007FF67A3E0851
Part of subcall function 00007FF67A3E0800: RegCloseKey.ADVAPI32 ref: 00007FF67A3E0863

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E07E9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E07EF

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$CloseOpen
String ID:
API String ID: 3087652857-0
Opcode ID: 9cac156f850a5e9580aa35b7c7e3dbf63f5e9e4ede002a32ebca26308ef9dd88
Instruction ID: 9c441a051a9ac96fbbd4670d596f556a91334dc914b719820e8b6c7e5322c5aa
Opcode Fuzzy Hash: 9cac156f850a5e9580aa35b7c7e3dbf63f5e9e4ede002a32ebca26308ef9dd88
Instruction Fuzzy Hash: E571A233A28BC585EB10CF65E4403AD77A2F7857A8F504261EA9C97BA9DF7CD580CB00

Function 00007FF67A3A1020 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3A120F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3A1215

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: 7b0652754b0399f71cbca4179e54aea714a58894d5f66d01874737d9fc442da8
Instruction ID: 4d218dbe79913a37f87ab8eb2d3abd966cdd66ae871882f124f4a125b03ef96b
Opcode Fuzzy Hash: 7b0652754b0399f71cbca4179e54aea714a58894d5f66d01874737d9fc442da8
Instruction Fuzzy Hash: A5515633B18B5685EF158F2AD45426C73A2FB48FA8F944272EE1D873A9DE38D491C340

Function 00007FF67A3E9BA0 Relevance: 3.2, APIs: 2, Instructions: 151COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF67A3E2CC0: __std_fs_get_current_path.LIBCPMT ref: 00007FF67A3E2D38

GetVolumeInformationW.KERNEL32 ref: 00007FF67A3E9C2D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E9E0E

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: InformationVolume__std_fs_get_current_path_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3375085511-0
Opcode ID: 39ebbe3971e4808ab3192d23f6c3ed1521155418b648f898ad4ea1bf5430e487
Instruction ID: 600b5df8835f91af8ac45b82e653867a3247f9e5f1156fe0fe33855cb11220a8
Opcode Fuzzy Hash: 39ebbe3971e4808ab3192d23f6c3ed1521155418b648f898ad4ea1bf5430e487
Instruction Fuzzy Hash: 45714E33A28B9189EB10CF74E8802ED7774FB84758F504226EA8D93B69EF78D595C740

Function 00007FF67A3A76B0 Relevance: 3.1, APIs: 2, Instructions: 125COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3A7848
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3A784E

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: 6703d7483f92450a1a67d8dd1c7aba1679349bc5d410218413b15373f03d61e0
Instruction ID: ab7a0cd79325f834ee2a76a4070fdefdb464945b17ebff7ac05bd68b1285407e
Opcode Fuzzy Hash: 6703d7483f92450a1a67d8dd1c7aba1679349bc5d410218413b15373f03d61e0
Instruction Fuzzy Hash: 5841E123B2969181EE209F16E1402BAA356FB04BE4F540671EFADC77E9DE3DD040C700

Function 00007FF67A38FC40 Relevance: 3.1, APIs: 2, Instructions: 123COMMON

Download Yara Rule

APIs

__std_fs_directory_iterator_open.LIBCPMT ref: 00007FF67A38FD53

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: __std_fs_directory_iterator_open
String ID:
API String ID: 4007087469-0
Opcode ID: 384626957ede6438cac394f4032ba4f712b942acf186d6e7428bc4e3685138be
Instruction ID: e5f9bd03eb7cfb6057b4c68e70dc31195d4694982ed46011c30a10ba90c95972
Opcode Fuzzy Hash: 384626957ede6438cac394f4032ba4f712b942acf186d6e7428bc4e3685138be
Instruction Fuzzy Hash: A841CF63A2874281EA209F29E5402B96261EB957B4F144375EF6CC37F9EF3CE586C710

Function 00007FF67A3AB9D0 Relevance: 3.1, APIs: 2, Instructions: 111COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3ABB3C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3ABB48

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: c84bd85506a39b541427b90818548adb0f13ee535e09f099231ef443adf89cdf
Instruction ID: 9faa0d5ad1d02d066c851d1d316a93516ea42ec6f3b2f5cf0a986e6afd767672
Opcode Fuzzy Hash: c84bd85506a39b541427b90818548adb0f13ee535e09f099231ef443adf89cdf
Instruction Fuzzy Hash: DD31F163728B9582ED24DF66A4041BAA351FB44BF4F504A35EEADC7BE9CE3CE4418300

Function 00007FF67A3A6D59 Relevance: 3.1, APIs: 2, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 663876e353fde44ef4518f71a861adaf855929f5345926a9478de678d3eb2b79
Instruction ID: d3fc4a44b49e931ffc3b20f94fb5b9c1a91fd967d224e6a92ab3a0426548d286
Opcode Fuzzy Hash: 663876e353fde44ef4518f71a861adaf855929f5345926a9478de678d3eb2b79
Instruction Fuzzy Hash: 6A31D72372975141EE149F16E2041B86252EF44BF4F580671FA6D8B7E9DF3CE0908300

Function 00007FF67A3BB750 Relevance: 3.1, APIs: 2, Instructions: 101COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3BB8CB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3BB8D1

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 0b644b4600dd2a1a0ac3acf77c50451acd9f612592f9345b7be626f2c60d2298
Instruction ID: 5c5372401936c6378b547c939ac46da1f5db55279ab89e746e99a6d5371013dc
Opcode Fuzzy Hash: 0b644b4600dd2a1a0ac3acf77c50451acd9f612592f9345b7be626f2c60d2298
Instruction Fuzzy Hash: 2441A563A28AC682EA109F69E44536EA751FB857B4F500375E6ACC67F9DF3CD080CB04

Function 00007FF67A3A1A80 Relevance: 3.1, APIs: 2, Instructions: 95COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3A1B80
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3A1B8C

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: af3ab77b95a207a6a7b4c385d7872f9712e67ee6787c3c9d51907d8c9c81837d
Instruction ID: e322b46ab8bc6b5a035b0c99aee4b46c0580a3217fcc68ef440d325a87f99381
Opcode Fuzzy Hash: af3ab77b95a207a6a7b4c385d7872f9712e67ee6787c3c9d51907d8c9c81837d
Instruction Fuzzy Hash: 5021C023B29A5145EE18DF15A6002B92251AF44BF4F244771EA3D837E6FE7CD4D28340

Function 00007FF67A3A33FD Relevance: 3.1, APIs: 2, Instructions: 80COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3A34EA
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3A34F6

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: 6aa293e3c0ad5da22062a4d317702fa56bd888e78d6c5539912e0d6b999e3137
Instruction ID: 3cf268899bb7de452301bd6b9f33f574ed4f9ed54fb78d783f043675f17aced2
Opcode Fuzzy Hash: 6aa293e3c0ad5da22062a4d317702fa56bd888e78d6c5539912e0d6b999e3137
Instruction Fuzzy Hash: 4B21D123B2A66644FE1E9F25D11537912429F00FF4F5406B4EA2EC7BEADE7CE4818304

Function 00007FF67A3D8142 Relevance: 3.1, APIs: 2, Instructions: 61synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF67A39E5A0: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF67A39E5E8
Part of subcall function 00007FF67A39E5A0: Process32FirstW.KERNEL32 ref: 00007FF67A39E62A

Part of subcall function 00007FF67A39C9C0: CredEnumerateA.ADVAPI32 ref: 00007FF67A39CA22

Part of subcall function 00007FF67A3E8210: recv.WS2_32 ref: 00007FF67A3E83EE

ReleaseMutex.KERNEL32 ref: 00007FF67A3D81A8
CloseHandle.KERNEL32 ref: 00007FF67A3D81B1

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: CloseCreateCredEnumerateFirstHandleMutexProcess32ReleaseSnapshotToolhelp32recv
String ID:
API String ID: 420082584-0
Opcode ID: 8f2d8c6a76ebedf1a7dda879b56b5b04b6050b161a7d620b4f1764e63ea951d9
Instruction ID: 67c43c4e44b1425dcf2bbc232e856de4637b7b99ac2ac8899810b1110d830ea9
Opcode Fuzzy Hash: 8f2d8c6a76ebedf1a7dda879b56b5b04b6050b161a7d620b4f1764e63ea951d9
Instruction Fuzzy Hash: 5421AF63E3CA8281FA11BFB5A5062FD5310AF857B9F5406B0EA5DC26F79E2CF440C611

Function 00007FF67A406A78 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(?,?,?,?,?,00007FF67A406A18,?,?,?,?,?,?,?,00007FF67A406B6D), ref: 00007FF67A406AC4
GetLastError.KERNEL32(?,?,?,?,?,00007FF67A406A18,?,?,?,?,?,?,?,00007FF67A406B6D), ref: 00007FF67A406ACE

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 558e61541b40b1db2d94306fe445127bdb7d9f4201fb97becbd1ea20618c89ce
Instruction ID: 82e8531037059d2dafef05aa946130cebbb7e29f72e957eb6f7899ed27002016
Opcode Fuzzy Hash: 558e61541b40b1db2d94306fe445127bdb7d9f4201fb97becbd1ea20618c89ce
Instruction Fuzzy Hash: 6711C162738A8181DA109B26A80406AA761AB55BF4F5483B1EE7E877EDCFBDD0509740

Function 00007FF67A4154E0 Relevance: 3.0, APIs: 2, Instructions: 21COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A415510

Part of subcall function 00007FF67A4162FC: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF67A416305

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A415516

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
String ID:
API String ID: 1173176844-0
Opcode ID: 9b26ece190ddfef467b4df6d1441cacb056fd69bbf8aa7748d5518b3e61eb427
Instruction ID: 6bf5ef752f3c71d9c2e3ed678b3fdc4bcd0f586cfb973a7b68b705e608fa99ac
Opcode Fuzzy Hash: 9b26ece190ddfef467b4df6d1441cacb056fd69bbf8aa7748d5518b3e61eb427
Instruction Fuzzy Hash: A9E08C02F3910700FC28316B84150F502400F59375E2C0BF0E93EC42EAADAEA0614321

Function 00007FF67A404454 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,?,?,00007FF67A40E5C2,?,?,?,00007FF67A40E93F,?,?,00000000,00007FF67A40C67C,?,?,?,00007FF67A40C5AF), ref: 00007FF67A40446A
GetLastError.KERNEL32(?,?,?,00007FF67A40E5C2,?,?,?,00007FF67A40E93F,?,?,00000000,00007FF67A40C67C,?,?,?,00007FF67A40C5AF), ref: 00007FF67A404474

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 2ec01da6e00d8dba875950f448c3bd01e8b433f0394c9c223fce95592ce8bd56
Instruction ID: b2c50dedb2229d68e4ddc6231ab5c659c9c43cef892c047a7718249f864dcf20
Opcode Fuzzy Hash: 2ec01da6e00d8dba875950f448c3bd01e8b433f0394c9c223fce95592ce8bd56
Instruction Fuzzy Hash: 7EE08C53F3A60342FF086FF3984907922519F94791F1444B8CE1ED6279EE2D684A5710

Function 00007FF67A3A2E3D Relevance: 1.8, APIs: 1, Instructions: 256COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3A326D

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: fc634be891fac8d8a02407564c46de64da184d1b12253a1e9a8f450d41f42fe1
Instruction ID: 71a7e8c40e1bdafc4c2cbe7075fb785bfa3e5371445c3910b6a5f1ed940b5886
Opcode Fuzzy Hash: fc634be891fac8d8a02407564c46de64da184d1b12253a1e9a8f450d41f42fe1
Instruction Fuzzy Hash: 30B19C37F28A6184EB14CF65E5442AD6762FB04BA8F054176EF5EA7BA9CF3CD4908340

Function 00007FF67A3B2FD0 Relevance: 1.7, APIs: 1, Instructions: 234COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3B32D7

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 964edde025d73b37a7090f4428b04f5379783d1770711d49adbb065a59c038aa
Instruction ID: 597495a55a2acf9b01d2686ad0880e0489501aa955f6cf00d4273682ddda0cff
Opcode Fuzzy Hash: 964edde025d73b37a7090f4428b04f5379783d1770711d49adbb065a59c038aa
Instruction Fuzzy Hash: 7FB16C33614A51CADB248F39D0902AC73A2FB48B68F445672EA6E87FA9DF3DD554C300

Function 00007FF67A392C20 Relevance: 1.7, APIs: 1, Instructions: 193COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A392F24

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: db0bd8a1e73a62c664ab3ffa3c1e477a4247943e4680293c034fd14a9f2f8219
Instruction ID: 0f89dadf622b74481c7225ac8abb35ed307339258f1e9b047c98a2320e54bde8
Opcode Fuzzy Hash: db0bd8a1e73a62c664ab3ffa3c1e477a4247943e4680293c034fd14a9f2f8219
Instruction Fuzzy Hash: 75919223E28BC585F711CB78E4403AD67A0FB997A8F145365EADC92AA9DF7CD180C700

Function 00007FF67A404950 Relevance: 1.6, APIs: 1, Instructions: 105COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF67A404978

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 9e03cc759f24d11102b15f23c8107da48b154919f49b66d4715d2663590a1902
Instruction ID: 42ed980e0db83eaa75373eed22c9d3967815ffade50132e9667fe535fa956a50
Opcode Fuzzy Hash: 9e03cc759f24d11102b15f23c8107da48b154919f49b66d4715d2663590a1902
Instruction Fuzzy Hash: 5341B533A3820147EA34DB1A954027A73A0EBA5B54F1001B5DB8EC77E9CF7EE442DB50

Function 00007FF67A3E98D0 Relevance: 1.6, APIs: 1, Instructions: 90COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E9A57

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 7cbe5bb23c5416ec12b349e903e9e84600306d0444772b0e1196c5b5ab3eb6cc
Instruction ID: a70ad52756be1ac3326ee0980af9f3aa0e68d269f94313828dcd2e249df16348
Opcode Fuzzy Hash: 7cbe5bb23c5416ec12b349e903e9e84600306d0444772b0e1196c5b5ab3eb6cc
Instruction Fuzzy Hash: A0414933B25F488DEB008FB9D4413AC73B6E74879CF004624EE9CA6B99EF3481648394

Function 00007FF67A3B7F50 Relevance: 1.6, APIs: 1, Instructions: 87COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3B8075

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 04c3f97f92dc1ef7c3056213d1fd72729a4651799a7fcf362dfb16104cf71f7d
Instruction ID: 8e43a821737260a1723bed1bb910f8cb759e606085f3ddfcc7ec46c360da8a27
Opcode Fuzzy Hash: 04c3f97f92dc1ef7c3056213d1fd72729a4651799a7fcf362dfb16104cf71f7d
Instruction Fuzzy Hash: 114127B3A18B41C6DB14CF16E480169B7B0F798F95B15866AEB8D83364DF38D8A0C754

Function 00007FF67A4063E8 Relevance: 1.6, APIs: 1, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF67A4064DF

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: f8a09153dc28454014ad16fa4410b2a8e400d7f5b281336c33c9fc96a651bd4e
Instruction ID: f3e24e6ecd22c405c3d1a18a31472fcbbe17fcaf0ae93e2c9adbe101671d3b7f
Opcode Fuzzy Hash: f8a09153dc28454014ad16fa4410b2a8e400d7f5b281336c33c9fc96a651bd4e
Instruction Fuzzy Hash: 11313133B3820299FA506F02884137D7651AF90BA4F5102F9EA0E833F6DFBDA4419711

Function 00007FF67A3A2B20 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3A2BBD

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: aa1cae949020b460122b86b20bfad32905152ffd6daa8965ec12828f056d1577
Instruction ID: 89565c6da72e7b098cecf50283b48e330ec2d9b42dbf7b0239ac02554276f25f
Opcode Fuzzy Hash: aa1cae949020b460122b86b20bfad32905152ffd6daa8965ec12828f056d1577
Instruction Fuzzy Hash: 3411E677715B4986DF058FAED09426C3362EB88FA9B518066DF4D87368DF39C890C340

Function 00007FF67A423AFC Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF67A423B1F

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: d449f7bd6633de8b8bd08ff16019e33518f74ffb8b7583db2479c3fafe75e578
Instruction ID: dbc265f01d5c2e6aff92c9cb74714a83a9db6840dee34fb2ff9fde51b4ae0c15
Opcode Fuzzy Hash: d449f7bd6633de8b8bd08ff16019e33518f74ffb8b7583db2479c3fafe75e578
Instruction Fuzzy Hash: E621A73362864186DB65CF19D44037976B0EB85B95F544274EA5DC76EEDF3EE8018B00

Function 00007FF67A41EFC8 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF67A41EF25

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 071eab0d2ddb6d97d7b7232e2de0088f1d155ba52ad6f2216ba9fc5c62e5c193
Instruction ID: 8d56af68a4d6c000b9da599c06f122f55461eb55d791c0f7715f131b2ddb6212
Opcode Fuzzy Hash: 071eab0d2ddb6d97d7b7232e2de0088f1d155ba52ad6f2216ba9fc5c62e5c193
Instruction Fuzzy Hash: 8911A527A3C642C2EA609F52D4021BDA2A0AF85B84F4444B5EE4CC76AADF3EE8114B44

Function 00007FF67A3E4540 Relevance: 1.5, APIs: 1, Instructions: 38networkCOMMON

Download Yara Rule

APIs

send.WS2_32 ref: 00007FF67A3E4588

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: 96e4cb0db8931e5393824d0ecfe825f058e215f5b5777a5c71bbd2f46533e8b7
Instruction ID: 91bc147f6cdf14b509fbc8e1f29ab7adeb8c417fea0dab1d306e388efb9273e6
Opcode Fuzzy Hash: 96e4cb0db8931e5393824d0ecfe825f058e215f5b5777a5c71bbd2f46533e8b7
Instruction Fuzzy Hash: 0301A222B2CA8581EB508F27F940129A3A0FB8CFE4F485170EF5D83B58EF29D8418B40

Function 00007FF67A397671 Relevance: 1.5, APIs: 1, Instructions: 33fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNELBASE ref: 00007FF67A3976B4

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 9cd3b2291a3f23570049eab3fc1e6fef5472ba74db640f5840e90f60f9558740
Instruction ID: 74165cf4b5dcb2e43e868f202d2257481392ca671ca3f660c0f53fbbd6e0ec47
Opcode Fuzzy Hash: 9cd3b2291a3f23570049eab3fc1e6fef5472ba74db640f5840e90f60f9558740
Instruction Fuzzy Hash: A901FF27618A8181DA70CF56F4542AAA364FB88B95F404072DE8DD3B69DF3DD8468F00

Function 00007FF67A3F7E64 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF67A3F7E83

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: e3199247b15e626e1ff80a5878ee6ff274038b46c14856a595a092b0a0f0e46b
Instruction ID: 8c461631a8c5d122826d1367cd4a428406722b248ec46442231fc387860ab1e5
Opcode Fuzzy Hash: e3199247b15e626e1ff80a5878ee6ff274038b46c14856a595a092b0a0f0e46b
Instruction Fuzzy Hash: 66E02B33A3960241EB646F79958107C72905F247B0F104775F63CC22E9CF289C504E00

Function 00007FF67A41C048 Relevance: 1.5, APIs: 1, Instructions: 9fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNELBASE(?,?,?,?,00007FF67A38FD7B,?,?,?,?,00000000,00000000,FFFFFFFF,?,?,00007FF67A3A3F5F), ref: 00007FF67A41C04C

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 90da3352575779015bf82052fd36c7aa4f0d5469104e151cce640f4290d1ac4f
Instruction ID: d10a70b55467799370ecbcede503c10e4d6cee33d974d006039dfe8a8fc593c7
Opcode Fuzzy Hash: 90da3352575779015bf82052fd36c7aa4f0d5469104e151cce640f4290d1ac4f
Instruction Fuzzy Hash: 35C09B16F79903C2E65417B35D8213151E07F55701F50C4B1C15CD0174DF1DA1F74711

Function 00007FF67A41DB70 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF67A3EA118), ref: 00007FF67A41DB79

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 9a96f232a94608228943c1438b0803d9c53371bfd202436300ffcab614f7d4f0
Instruction ID: daf30774e94d20fafdb55e5c951fcd9d82a3fb44fce6fd190dc3e87df19aa717
Opcode Fuzzy Hash: 9a96f232a94608228943c1438b0803d9c53371bfd202436300ffcab614f7d4f0
Instruction Fuzzy Hash: D9B09B26A249C0D3C511EB14D8410157331F794709FD00050D28D41624DE2DD5158F00

Function 00007FF67A406DF4 Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,?,00007FF67A4171A3,?,?,?,?,?,?,?,?,0000000100000000,00007FF67A41CE65), ref: 00007FF67A406E32

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: c374065ae54e37142203b7ce4bf8e8709c0fa599dd5bee20d3e6af25bcd0fdcb
Instruction ID: 97068b1d64fa64edeacca6355eee81ca57e91ae05a32d449fcb45f9131c52317
Opcode Fuzzy Hash: c374065ae54e37142203b7ce4bf8e8709c0fa599dd5bee20d3e6af25bcd0fdcb
Instruction Fuzzy Hash: 8FF0BE13F3D30740FA942A63980527692814F947A0F084AF0ED2FC52E9EEAEE4416751

Non-executed Functions

Function 00007FF67A3AE419 Relevance: 50.5, APIs: 13, Strings: 15, Instructions: 1482COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3AF8E4

Part of subcall function 00007FF67A38D510: __std_exception_copy.LIBVCRUNTIME ref: 00007FF67A38D553

Part of subcall function 00007FF67A418404: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF67A41CE76), ref: 00007FF67A418448
Part of subcall function 00007FF67A418404: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF67A41CE76), ref: 00007FF67A41848E

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3AF9C0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3AF9C6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3AF9CC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3AF9D2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3AF9D8
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3AFA01
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3AFA70
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3AFA76
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3AFAC2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3AFB0E

Strings

conditional not closed, xrefs: 00007FF67A3AFCBB, 00007FF67A3AFCDE
#base, xrefs: 00007FF67A3AEDA6
", xrefs: 00007FF67A3AE80C
key declared, but no value, xrefs: 00007FF67A3AF957, 00007FF67A3AF97A, 00007FF67A3AFA7C
key opened, but never closed, xrefs: 00007FF67A3AFA9F
Unexpected eof, xrefs: 00007FF67A3AF8EA
object is not closed with '}', xrefs: 00007FF67A3AF911
No closed word, xrefs: 00007FF67A3AFA07, 00007FF67A3AFA2A
/, xrefs: 00007FF67A3AE622
#include, xrefs: 00007FF67A3AED7A
word wasnt properly ended, xrefs: 00007FF67A3AFA4D, 00007FF67A3AFAC8
unexpected '}', xrefs: 00007FF67A3AFAEB
quote was opened but not closed., xrefs: 00007FF67A3AF934, 00007FF67A3AF99D
*, xrefs: 00007FF67A3AE65B
unexpected key without object, xrefs: 00007FF67A3AF9DE

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task$ExceptionFileHeaderRaise__std_exception_copy
String ID: "$#base$#include$*$/$No closed word$Unexpected eof$conditional not closed$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
API String ID: 1861853482-2258937249
Opcode ID: c7ea62ee023bda5483a05b33829794a688d97cf37c36a587353b2f6601147d13
Instruction ID: b4545af252510c17ba0cb0c7a6c59004df031504500de246a66624dac5ce7634
Opcode Fuzzy Hash: c7ea62ee023bda5483a05b33829794a688d97cf37c36a587353b2f6601147d13
Instruction Fuzzy Hash: 20E28F33A28BD685EF608F25D8443F92762FB447A8F544572EA4DCBAA9DF78D185C300

Function 00007FF67A3B00ED Relevance: 36.1, APIs: 10, Strings: 10, Instructions: 1062COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3B13A0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3B13A6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3B13AC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3B13B2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3B13B8
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3B13E1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3B1450
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3B1456
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3B14A2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3B14EE

Strings

No closed word, xrefs: 00007FF67A3B13E7, 00007FF67A3B140A
word wasnt properly ended, xrefs: 00007FF67A3B142D, 00007FF67A3B14A8
#include, xrefs: 00007FF67A3B075A
", xrefs: 00007FF67A3B01EC
#base, xrefs: 00007FF67A3B0786
quote was opened but not closed., xrefs: 00007FF67A3B1314, 00007FF67A3B137D
unexpected '}', xrefs: 00007FF67A3B14CB
unexpected key without object, xrefs: 00007FF67A3B13BE
key declared, but no value, xrefs: 00007FF67A3B1337, 00007FF67A3B135A, 00007FF67A3B145C
key opened, but never closed, xrefs: 00007FF67A3B147F

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
String ID: "$#base$#include$No closed word$key declared, but no value$key opened, but never closed$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
API String ID: 3936042273-2543107223
Opcode ID: 27c125338b1e291dff05108e22ab0259c3e6de5834d986b61c0233ced3d33b89
Instruction ID: e404914cb47fb3cc7710a96179c9dd366df8900019885e8d44b0a7bf58a57a53
Opcode Fuzzy Hash: 27c125338b1e291dff05108e22ab0259c3e6de5834d986b61c0233ced3d33b89
Instruction Fuzzy Hash: 73A2A063A29BC6C5EB608F25C8403FD2762FB457A8F445272DA4DCBAA9DF78D585C300

Function 00007FF67A399A59 Relevance: 34.3, APIs: 14, Strings: 5, Instructions: 1060COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF67A38EEB0: __std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF67A38EF2E
Part of subcall function 00007FF67A38EEB0: __std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF67A38EF6A

Part of subcall function 00007FF67A3A1990: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3A19E8

Part of subcall function 00007FF67A38F3F0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A38F450

Part of subcall function 00007FF67A3A0AC0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3A0B94

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39AD96
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39ADAC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39ADB2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39ADB8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39ADBE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39ADC4
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39ADCA
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39ADD0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39ADD6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39ADDC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39ADE2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39ADE8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39ADEE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39ADF4

Strings

users, xrefs: 00007FF67A39A319
content, xrefs: 00007FF67A399CF9, 00007FF67A399FDF, 00007FF67A39A87B
filename, xrefs: 00007FF67A399C97, 00007FF67A399F83, 00007FF67A39A7A8
!, xrefs: 00007FF67A39A66F
status, xrefs: 00007FF67A39AD9F

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_fs_convert_wide_to_narrow
String ID: !$content$filename$status$users
API String ID: 1223724100-3795777748
Opcode ID: 7e816ec9e8569474a41fc60701ba5f12f1ec58b71a6479551b8b428b4167c649
Instruction ID: ef64ffc08dcd1683607b6d8f626338d0d1f26d81aa70a1b3868a951dd4284da8
Opcode Fuzzy Hash: 7e816ec9e8569474a41fc60701ba5f12f1ec58b71a6479551b8b428b4167c649
Instruction Fuzzy Hash: F6B28463A25BC589EB21DF34D8403ED2365FB457A8F405271EA9DCBAA9EF78D641C300

Function 00007FF67A397ED0 Relevance: 31.1, APIs: 15, Strings: 2, Instructions: 1358COMMON

Download Yara Rule

Strings

exists, xrefs: 00007FF67A3995E3
Software, xrefs: 00007FF67A398344, 00007FF67A398530

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID: Software$exists
API String ID: 0-2364128853
Opcode ID: ab1f34c6eabb8e6b4357a6be38fa35660b2f85d5e605683310524eaab521cea2
Instruction ID: 2641ea74a38861b9e84703f9fec4bf0551beccb3cd0858d9d154567cd1c0fd2b
Opcode Fuzzy Hash: ab1f34c6eabb8e6b4357a6be38fa35660b2f85d5e605683310524eaab521cea2
Instruction Fuzzy Hash: 1FE28173A24BC589EB208F29D9843ED7364FB857A8F105221EB5C97BA9DF78D580C740

Function 00007FF67A366480 Relevance: 30.2, Strings: 24, Instructions: 244COMMON

Download Yara Rule

Strings

boot.sdi, xrefs: 00007FF67A3667D1
winsipolicy.p7b, xrefs: 00007FF67A3665B8
winre.wim, xrefs: 00007FF67A366800
wpsettings.dat, xrefs: 00007FF67A3667A2
iconcache.db, xrefs: 00007FF67A3665DE
bootsect.bak, xrefs: 00007FF67A366546
d3d9caps.dat, xrefs: 00007FF67A3666E6
ntldr, xrefs: 00007FF67A366592
desktop.ini, xrefs: 00007FF67A36656C
indexervolumeguid, xrefs: 00007FF67A366773
gdipfontcachev1.dat, xrefs: 00007FF67A3666B7
bootmgr, xrefs: 00007FF67A36685E
ntuser.dat.log, xrefs: 00007FF67A36662D
bootmgfw.efi, xrefs: 00007FF67A3664F9
ntuser.dat, xrefs: 00007FF67A366604
boot.ini, xrefs: 00007FF67A3664D1
bootstat.dat, xrefs: 00007FF67A366715
autorun.inf, xrefs: 00007FF67A3664A8
bootfont.bin, xrefs: 00007FF67A366520
thumbs.db, xrefs: 00007FF67A366688
BOOTNXT, xrefs: 00007FF67A36688D
mib.bin, xrefs: 00007FF67A366744
ntuser.ini, xrefs: 00007FF67A366659
reagent.xml, xrefs: 00007FF67A36682F

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID: BOOTNXT$autorun.inf$boot.ini$boot.sdi$bootfont.bin$bootmgfw.efi$bootmgr$bootsect.bak$bootstat.dat$d3d9caps.dat$desktop.ini$gdipfontcachev1.dat$iconcache.db$indexervolumeguid$mib.bin$ntldr$ntuser.dat$ntuser.dat.log$ntuser.ini$reagent.xml$thumbs.db$winre.wim$winsipolicy.p7b$wpsettings.dat
API String ID: 73155330-850610325
Opcode ID: b815a531361c7f9514bfba62c325ecb5df87e29bcbffc5f06317a13bf243767b
Instruction ID: 797a3b2cea8fec2856cb883b39e5433a96d68f9dee283ea14784fe66256ee5eb
Opcode Fuzzy Hash: b815a531361c7f9514bfba62c325ecb5df87e29bcbffc5f06317a13bf243767b
Instruction Fuzzy Hash: 04C13453D74FCA84E711DF35C8813F55361BBEA388F606326E948A586AEF68B6C4C740

Function 00007FF67A3EDD50 Relevance: 29.5, APIs: 19, Instructions: 1017stringmemorynativeCOMMON

Download Yara Rule

APIs

RtlAcquirePebLock.NTDLL ref: 00007FF67A3EDD93
NtAllocateVirtualMemory.NTDLL ref: 00007FF67A3EDDC8
lstrcpyW.KERNEL32 ref: 00007FF67A3EDE2A
lstrcatW.KERNEL32 ref: 00007FF67A3EDEE1
NtAllocateVirtualMemory.NTDLL ref: 00007FF67A3EDF65
lstrcpyW.KERNEL32 ref: 00007FF67A3EE01A
RtlInitUnicodeString.NTDLL ref: 00007FF67A3EE02F
RtlInitUnicodeString.NTDLL ref: 00007FF67A3EE044
LdrEnumerateLoadedModules.NTDLL ref: 00007FF67A3EE057
RtlReleasePebLock.NTDLL ref: 00007FF67A3EE05D

Part of subcall function 00007FF67A3E1DD0: SHGetKnownFolderPath.SHELL32 ref: 00007FF67A3E1E29
Part of subcall function 00007FF67A3E1DD0: CoTaskMemFree.OLE32 ref: 00007FF67A3E1EEA

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3EE095
CoInitializeEx.OLE32 ref: 00007FF67A3EE105
lstrcpyW.KERNEL32 ref: 00007FF67A3EE30E
lstrcatW.KERNEL32 ref: 00007FF67A3EE545
CoGetObject.OLE32 ref: 00007FF67A3EE561
lstrcpyW.KERNEL32 ref: 00007FF67A3EECC1
lstrcatW.KERNEL32 ref: 00007FF67A3EEF22
CoGetObject.OLE32 ref: 00007FF67A3EEF3E
CoUninitialize.OLE32 ref: 00007FF67A3EF4B2

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: lstrcpy$lstrcat$AllocateInitLockMemoryObjectStringUnicodeVirtual$AcquireEnumerateFolderFreeInitializeKnownLoadedModulesPathReleaseTaskUninitialize_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 2979746431-0
Opcode ID: 470d3dfc7b9750618d423cd4540c8fa8ed8d435e855b8fca27854b27f60d9312
Instruction ID: e316234e5309d96a27107152bfb27438843589614a48f8e8ae49c67e435ff74e
Opcode Fuzzy Hash: 470d3dfc7b9750618d423cd4540c8fa8ed8d435e855b8fca27854b27f60d9312
Instruction Fuzzy Hash: 1DD2873662AFC58AD7918F69E88169EB3B4F788788F105225EECD57B18EF38C154C740

Function 00007FF67A39AE00 Relevance: 28.9, APIs: 10, Strings: 6, Instructions: 913COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39BE8B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39BE91
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39BE97
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39BE9D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39BEA3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39BEAF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39BEB5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39BEBB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39BEC1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39BECD

Strings

content, xrefs: 00007FF67A39BAF4
directory_iterator::directory_iterator, xrefs: 00007FF67A39BE63
files, xrefs: 00007FF67A39BC5F
filename, xrefs: 00007FF67A39B97B
key, xrefs: 00007FF67A39B3CA, 00007FF67A39B5A9
exists, xrefs: 00007FF67A39BE7E

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: content$directory_iterator::directory_iterator$exists$filename$files$key
API String ID: 3668304517-2980817763
Opcode ID: 8808fe76fe11be17fede2411d256a0c1c8621fc4363a651c91913278584ab810
Instruction ID: 580028a8c62444c1ded86e1f1dd3d34a1eb140350a416d30df24106b0c7611fc
Opcode Fuzzy Hash: 8808fe76fe11be17fede2411d256a0c1c8621fc4363a651c91913278584ab810
Instruction Fuzzy Hash: 65A26173A19BC589DB218F24D8803ED7365FB457A8F505325EA9C8BBA9DF78D284C700

Function 00007FF67A391D4E Relevance: 27.1, APIs: 10, Strings: 5, Instructions: 804COMMON

Download Yara Rule

Strings

content, xrefs: 00007FF67A39244D
directory_iterator::directory_iterator, xrefs: 00007FF67A392A70, 00007FF67A392ABA
filename, xrefs: 00007FF67A392396
exists, xrefs: 00007FF67A392A54
status, xrefs: 00007FF67A392A80, 00007FF67A392A96

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID: content$directory_iterator::directory_iterator$exists$filename$status
API String ID: 0-3429737954
Opcode ID: e2231abf9e6750d7fa4b60caa1b050a200a47e40475597661d0923c48db29045
Instruction ID: 0e31da2aa3b2e5922b469c1fbfcba1521da37f92a6f54810d151c4feebdab9c0
Opcode Fuzzy Hash: e2231abf9e6750d7fa4b60caa1b050a200a47e40475597661d0923c48db29045
Instruction Fuzzy Hash: AE829323A25BC689EB209F75D8843ED2361FB857A8F445271EA4DD7BA9DF38D641C300

Function 00007FF67A3660C0 Relevance: 25.2, Strings: 20, Instructions: 208COMMON

Download Yara Rule

Strings

$windows.~bt, xrefs: 00007FF67A36621E
Windows, xrefs: 00007FF67A366111
ntldr, xrefs: 00007FF67A366326
Program Files, xrefs: 00007FF67A3663E2
System Volume Information, xrefs: 00007FF67A366186
bootmgr, xrefs: 00007FF67A3663B3
PerfLogs, xrefs: 00007FF67A366244
Program Files (x86), xrefs: 00007FF67A366411
Windows.old, xrefs: 00007FF67A3661F8
AppData, xrefs: 00007FF67A3662F7
$windows.~ws, xrefs: 00007FF67A366299
$winreagent, xrefs: 00007FF67A36626D
Application Data, xrefs: 00007FF67A3661AC
All users, xrefs: 00007FF67A366384
$recycle.bin, xrefs: 00007FF67A3660E8
ProgramData, xrefs: 00007FF67A366355
config.msi, xrefs: 00007FF67A3661D2
#recycle, xrefs: 00007FF67A366139
Boot, xrefs: 00007FF67A366160
Windows.~bt, xrefs: 00007FF67A3662C8

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID: #recycle$$recycle.bin$$windows.~bt$$windows.~ws$$winreagent$All users$AppData$Application Data$Boot$PerfLogs$Program Files$Program Files (x86)$ProgramData$System Volume Information$Windows$Windows.old$Windows.~bt$bootmgr$config.msi$ntldr
API String ID: 73155330-2722463023
Opcode ID: 09db10df498b887c42b6ddd2bb1ccb86b1b81dbdf6e64d0b75542c00bd61434b
Instruction ID: 65aa9aa803483816232a45c4857e01a55ddde80124cafc1a1129bcead89a8718
Opcode Fuzzy Hash: 09db10df498b887c42b6ddd2bb1ccb86b1b81dbdf6e64d0b75542c00bd61434b
Instruction Fuzzy Hash: E5A14653D74BCA44E711DF35C8823F55361BBEA388F606326E54CA186AEF68B6C5C740

Function 00007FF67A410E74 Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1203COMMON

Download Yara Rule

APIs

fegetenv.LIBCMT ref: 00007FF67A410EC3
_invalid_parameter_noinfo.LIBCMT ref: 00007FF67A4114F6
_invalid_parameter_noinfo.LIBCMT ref: 00007FF67A41166C
_invalid_parameter_noinfo.LIBCMT ref: 00007FF67A411928
_invalid_parameter_noinfo.LIBCMT ref: 00007FF67A411B48
_invalid_parameter_noinfo.LIBCMT ref: 00007FF67A411D83
memcpy_s.LIBCPMT ref: 00007FF67A411E5E
memcpy_s.LIBCPMT ref: 00007FF67A411F09
memcpy_s.LIBCPMT ref: 00007FF67A411FD9

Part of subcall function 00007FF67A3FC304: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67A3FC336

Strings

1#IND, xrefs: 00007FF67A410FB3
1#QNAN, xrefs: 00007FF67A410FDF
1#SNAN, xrefs: 00007FF67A410FD6
1#INF, xrefs: 00007FF67A410FEF

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 808467561-2761157908
Opcode ID: d3ac3c9e6f2a3cc9299820455b8d5a62efe305f74d449836c4ee372b45885f05
Instruction ID: 6b9d2768a0cc266250f968fc5b7f0e7994eb3ae998ade39ab8f812dd09ff9008
Opcode Fuzzy Hash: d3ac3c9e6f2a3cc9299820455b8d5a62efe305f74d449836c4ee372b45885f05
Instruction Fuzzy Hash: 83B2D773A282828BE7648F6AD4407FD77B1FB44788F505179DA09D7AACDF3AA510CB40

Function 00007FF67A3D3CC0 Relevance: 21.6, APIs: 7, Strings: 5, Instructions: 630COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3D4671
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3D4677
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3D467D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3D4683
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3D4689
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3D468F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3D4695

Strings

[required], xrefs: 00007FF67A3D45D1
[default: , xrefs: 00007FF67A3D4594
[nargs=, xrefs: 00007FF67A3D4527
[nargs: , xrefs: 00007FF67A3D44E2, 00007FF67A3D4503
or more] , xrefs: 00007FF67A3D451E

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: or more] $[default: $[nargs: $[nargs=$[required]
API String ID: 3668304517-2670406794
Opcode ID: f3164cb6f8f4669c550a80faf72dde7c9d51d7f03de8c29346bc794460403ad6
Instruction ID: 4968b3855b89ba1abbc8c257767a8937d6fa777b78f63271a3c4b806a9730685
Opcode Fuzzy Hash: f3164cb6f8f4669c550a80faf72dde7c9d51d7f03de8c29346bc794460403ad6
Instruction Fuzzy Hash: 3B529163A28B8181FB14CF69E4442AD6761FB857A4F6046B6EA5DC37E9DF3CE080C700

Function 00007FF67A39BEE0 Relevance: 21.6, APIs: 8, Strings: 4, Instructions: 608COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39C979
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39C995
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39C99B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39C9A1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39C9A7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39C9AD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39C9B9

Strings

content, xrefs: 00007FF67A39C653
directory_iterator::directory_iterator, xrefs: 00007FF67A39C988
filename, xrefs: 00007FF67A39C494
exists, xrefs: 00007FF67A39C96C

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: content$directory_iterator::directory_iterator$exists$filename
API String ID: 3668304517-1400943384
Opcode ID: fb29027cbcfc176c16ecb449572523415ce074717b5e89282a4012ca1ef7e868
Instruction ID: a450bd4d7ff2b441c16bd67d3b82eb6aeee7bb8bca9d291bfe426ab2f0bc22ef
Opcode Fuzzy Hash: fb29027cbcfc176c16ecb449572523415ce074717b5e89282a4012ca1ef7e868
Instruction Fuzzy Hash: 0252A873625BC589EB20CF25D8403ED73A1FB897A8F505225DA9C97BA9DF78D680C700

Function 00007FF67A3C5220 Relevance: 21.4, APIs: 11, Strings: 1, Instructions: 408COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 00007FF67A3C53D0
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF67A3C53DE
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF67A3C566D
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF67A3C567B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3C5823
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3C5829
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3C584C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3C5852
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3C5858
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3C587B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3C5881

Strings

value, xrefs: 00007FF67A3C52F6, 00007FF67A3C559D

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy
String ID: value
API String ID: 1346393832-494360628
Opcode ID: c4f955665f49c842b5d129d8127569334b04b417095e30994275b775f98a0e06
Instruction ID: b699b6ff2133257fd44d730ba2a3e8154f89699ebeb699ea49c1b8c6fb0844b6
Opcode Fuzzy Hash: c4f955665f49c842b5d129d8127569334b04b417095e30994275b775f98a0e06
Instruction Fuzzy Hash: 7F02A223A28BD185EB00CF79D8402BD6761EB857A4F505372FA9D92AEADF6CD185C700

Function 00007FF67A3EE0A0 Relevance: 12.8, APIs: 8, Instructions: 839stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF67A3EDD50: RtlAcquirePebLock.NTDLL ref: 00007FF67A3EDD93
Part of subcall function 00007FF67A3EDD50: NtAllocateVirtualMemory.NTDLL ref: 00007FF67A3EDDC8
Part of subcall function 00007FF67A3EDD50: lstrcpyW.KERNEL32 ref: 00007FF67A3EDE2A
Part of subcall function 00007FF67A3EDD50: lstrcatW.KERNEL32 ref: 00007FF67A3EDEE1

CoInitializeEx.OLE32 ref: 00007FF67A3EE105
lstrcpyW.KERNEL32 ref: 00007FF67A3EE30E
lstrcatW.KERNEL32 ref: 00007FF67A3EE545
CoGetObject.OLE32 ref: 00007FF67A3EE561
lstrcpyW.KERNEL32 ref: 00007FF67A3EECC1
lstrcatW.KERNEL32 ref: 00007FF67A3EEF22
CoGetObject.OLE32 ref: 00007FF67A3EEF3E
CoUninitialize.OLE32 ref: 00007FF67A3EF4B2

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: lstrcatlstrcpy$Object$AcquireAllocateInitializeLockMemoryUninitializeVirtual
String ID:
API String ID: 3636535045-0
Opcode ID: b7bfeffe4e490a9624e5010149ae55799967800886d82e80360165d1231289cd
Instruction ID: 70fd205f27c9ed10300cd9f87eb19a06300286c8da78def5c731930e58028b9a
Opcode Fuzzy Hash: b7bfeffe4e490a9624e5010149ae55799967800886d82e80360165d1231289cd
Instruction Fuzzy Hash: 3CB2673652AFC58AD7A18F29E88169AB3A4F789B84F105215FFCD57F18EF38C2548740

Function 00007FF67A3D4EF0 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 431COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF67A4154E0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A415510
Part of subcall function 00007FF67A4154E0: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A415516

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3D53F7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3D53FD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3D55C7

Strings

--help, xrefs: 00007FF67A3D5124
--version, xrefs: 00007FF67A3D5235
prints version information and exits, xrefs: 00007FF67A3D52DC
shows help message and exits, xrefs: 00007FF67A3D51CB

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
String ID: --help$--version$prints version information and exits$shows help message and exits
API String ID: 3936042273-1172229024
Opcode ID: 5f58f7e40627627a6a2a95d0060da266843323e37e75f24a8559d961539eb37c
Instruction ID: e1ce10659cc6c0bca321847140a485899faa1719bf284f20fd06fd62c4fbd4f2
Opcode Fuzzy Hash: 5f58f7e40627627a6a2a95d0060da266843323e37e75f24a8559d961539eb37c
Instruction Fuzzy Hash: CE22AA33A28B81C5E710CF24E4407AD73A4FB98798F649236DA8C93769EF79D1A5C340

Function 00007FF67A3D8270 Relevance: 10.9, APIs: 5, Strings: 1, Instructions: 416COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32 ref: 00007FF67A3D82D3
ShellExecuteW.SHELL32 ref: 00007FF67A3D893B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3D89C4
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3D89CA
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3D89D0

Strings

--type, xrefs: 00007FF67A3D89E5

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$ExecuteFileModuleNameShell
String ID: --type
API String ID: 3435646932-2654721227
Opcode ID: e007e293bcbd1e18ae45f006441b6335a5ba7266a3a47bfeac8c5918e6b39eba
Instruction ID: 9d92b4c4d1d28ab74f5952f548476d2e853420ce890030deed3cac7010cda79c
Opcode Fuzzy Hash: e007e293bcbd1e18ae45f006441b6335a5ba7266a3a47bfeac8c5918e6b39eba
Instruction Fuzzy Hash: B4221A33A29FC486DB408F29E8816ADB3A4F788798F505225FE9D57B68EF78D150C740

Function 00007FF67A40F798 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 222COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF67A4010DC: GetLastError.KERNEL32 ref: 00007FF67A4010EB
Part of subcall function 00007FF67A4010DC: FlsGetValue.KERNEL32 ref: 00007FF67A401100
Part of subcall function 00007FF67A4010DC: SetLastError.KERNEL32 ref: 00007FF67A40118B

TranslateName.LIBCMT ref: 00007FF67A40F805
TranslateName.LIBCMT ref: 00007FF67A40F840
GetACP.KERNEL32(?,?,?,00000000,00000092,00007FF67A401CCC), ref: 00007FF67A40F885
IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,00007FF67A401CCC), ref: 00007FF67A40F8AD

Strings

utf8, xrefs: 00007FF67A40F991

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: ErrorLastNameTranslate$CodePageValidValue
String ID: utf8
API String ID: 1791977518-905460609
Opcode ID: 75fc4a7c8dd77050ccf508e81fcf101ab10c97c00b882e20efad90d3381ba567
Instruction ID: e1fc361e7568e3b09b0e021c177e94d7d124f579c4f7a4a41323f53820ecc4c8
Opcode Fuzzy Hash: 75fc4a7c8dd77050ccf508e81fcf101ab10c97c00b882e20efad90d3381ba567
Instruction Fuzzy Hash: D2917B33A3874285EB249F63D4812BA33A4EB64B80F4441B1DA4DC77AAEF3EE551D741

Function 00007FF67A4101CC Relevance: 10.7, APIs: 7, Instructions: 171COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF67A4010DC: GetLastError.KERNEL32 ref: 00007FF67A4010EB
Part of subcall function 00007FF67A4010DC: FlsGetValue.KERNEL32 ref: 00007FF67A401100
Part of subcall function 00007FF67A4010DC: SetLastError.KERNEL32 ref: 00007FF67A40118B

Part of subcall function 00007FF67A4010DC: FlsSetValue.KERNEL32 ref: 00007FF67A401121
Part of subcall function 00007FF67A4010DC: FlsGetValue.KERNEL32 ref: 00007FF67A4011C1

GetUserDefaultLCID.KERNEL32(?,00000000,00000092,?), ref: 00007FF67A41033C

Part of subcall function 00007FF67A4010DC: FlsSetValue.KERNEL32 ref: 00007FF67A40114E
Part of subcall function 00007FF67A4010DC: FlsSetValue.KERNEL32 ref: 00007FF67A40115F
Part of subcall function 00007FF67A4010DC: FlsSetValue.KERNEL32 ref: 00007FF67A401170
Part of subcall function 00007FF67A4010DC: FlsSetValue.KERNEL32 ref: 00007FF67A4011E0
Part of subcall function 00007FF67A4010DC: FlsSetValue.KERNEL32 ref: 00007FF67A401208

EnumSystemLocalesW.KERNEL32(?,00000000,00000092,?,?,00000000,?,00007FF67A401CC5), ref: 00007FF67A410323
ProcessCodePage.LIBCMT ref: 00007FF67A410366
IsValidCodePage.KERNEL32 ref: 00007FF67A410378
IsValidLocale.KERNEL32 ref: 00007FF67A41038E
GetLocaleInfoW.KERNEL32 ref: 00007FF67A4103EA
GetLocaleInfoW.KERNEL32 ref: 00007FF67A410406

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
String ID:
API String ID: 2591520935-0
Opcode ID: e3a05af4ba6670b971f6ec394c6969138c7dcc59e88584d7c61c9146e292b8e6
Instruction ID: bbd98f497f596c96c7b5c43a30ebf64b72c2337751ac205ecbdbbd0d283caabc
Opcode Fuzzy Hash: e3a05af4ba6670b971f6ec394c6969138c7dcc59e88584d7c61c9146e292b8e6
Instruction Fuzzy Hash: 1A719D23B286068AFB509B62E4542BD33B0BF84744F6440B6CA5DD77A9EF3EE955C300

Function 00007FF67A3F8A38 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF67A3F8AB1
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF67A3F8AC9
RtlVirtualUnwind.KERNEL32 ref: 00007FF67A3F8B04
IsDebuggerPresent.KERNEL32 ref: 00007FF67A3F8B3D
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF67A3F8B47
UnhandledExceptionFilter.KERNEL32 ref: 00007FF67A3F8B52

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: 35bf856a41f19bc8ee7b8f5e42e7dc75e2a598134c0ac36b1a8c304357de2300
Instruction ID: 74ff8e08f66fabe665391e38dcdf7c40014e666517106c38a043109d8e4978de
Opcode Fuzzy Hash: 35bf856a41f19bc8ee7b8f5e42e7dc75e2a598134c0ac36b1a8c304357de2300
Instruction Fuzzy Hash: 1B318E33628F8186DB60CF25E8402AE73A4FB88759F544176EA8D93BA8DF3DC555CB00

Function 00007FF67A3FBE00 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 329COMMON

Download Yara Rule

APIs

memcpy_s.LIBCPMT ref: 00007FF67A3FBE6A
memcpy_s.LIBCPMT ref: 00007FF67A3FBE95

Strings

, xrefs: 00007FF67A3FBFC8

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: memcpy_s
String ID:
API String ID: 1502251526-3916222277
Opcode ID: 1b748593274e8ddd9ac1e908b2a22b3d8043b10f383cd2471e7c6bd1e5b959b4
Instruction ID: 4184e6f80e598a446f63b754fd507d0333d14b427d996aafa29d0443bde9f5c8
Opcode Fuzzy Hash: 1b748593274e8ddd9ac1e908b2a22b3d8043b10f383cd2471e7c6bd1e5b959b4
Instruction Fuzzy Hash: C6C1B273A786868BDB24CF59A088A6AB791FB94794F448139DB4EC3754DE3CE805CF00

Function 00007FF67A41E2B0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF67A41E311
IsDebuggerPresent.KERNEL32 ref: 00007FF67A41E329
OutputDebugStringW.KERNEL32 ref: 00007FF67A41E33A

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF67A41E333

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: DebugDebuggerErrorLastOutputPresentString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 389471666-631824599
Opcode ID: dd3e2ca460fa5c1ace79570233ea5db2e1cd5342ccce423e6cc7acf1d21f1517
Instruction ID: 8215658075ce03db53d96193913e09efd427b2fcf099979e15ec43d5fef81f45
Opcode Fuzzy Hash: dd3e2ca460fa5c1ace79570233ea5db2e1cd5342ccce423e6cc7acf1d21f1517
Instruction Fuzzy Hash: BC118833A28B42A3E7048B23E6413B973A4FB04745F448075CB4DC2A68EF3EE4B48710

Function 00007FF67A3F49BA Relevance: 6.9, Strings: 5, Instructions: 634COMMON

Download Yara Rule

Strings

object key, xrefs: 00007FF67A3F4F8A, 00007FF67A3F52D9
object separator, xrefs: 00007FF67A3F4EDE, 00007FF67A3F5221
value, xrefs: 00007FF67A3F5398
object, xrefs: 00007FF67A3F5169
array, xrefs: 00007FF67A3F50B1

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: __std_exception_destroy$_invalid_parameter_noinfo_noreturn
String ID: array$object$object key$object separator$value
API String ID: 2506729964-2448007618
Opcode ID: e431f2b2776ee5f1a30440124ce9b7b28fb47f76c39932588eb4869221464a06
Instruction ID: 388933e0a66806b1b824b91ead893e759a19e7443b23d45237ce5855d06361c6
Opcode Fuzzy Hash: e431f2b2776ee5f1a30440124ce9b7b28fb47f76c39932588eb4869221464a06
Instruction Fuzzy Hash: 5F42D423A38A8696FB00DF75C4411FD2321EB91794F406676EA0ED76BAEF6CE185C740

Function 00007FF67A400220 Relevance: 6.1, APIs: 4, Instructions: 81memoryCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32 ref: 00007FF67A400270
GetSystemInfo.KERNEL32 ref: 00007FF67A400287
VirtualAlloc.KERNEL32 ref: 00007FF67A4002F4
VirtualProtect.KERNEL32 ref: 00007FF67A40030E

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Virtual$AllocInfoProtectQuerySystem
String ID:
API String ID: 3562403962-0
Opcode ID: 11b77a7473343ea9f97a82672d96a93015c4d3047c6cf214eae4d55d05e5b63c
Instruction ID: 61febffb0707822caa2c9ad2fe27ce6cc72093f9b617a6a64862644c3990728b
Opcode Fuzzy Hash: 11b77a7473343ea9f97a82672d96a93015c4d3047c6cf214eae4d55d05e5b63c
Instruction Fuzzy Hash: DA314B33724A818EEB10CF36D8447E923A5FB58788F444075DA4E87B68DE3DE645C740

Function 00007FF67A416328 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF67A416354
GetCurrentThreadId.KERNEL32 ref: 00007FF67A416362
GetCurrentProcessId.KERNEL32 ref: 00007FF67A41636E
QueryPerformanceCounter.KERNEL32 ref: 00007FF67A41637E

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 5214a599837bfdf14c14888f2e92068cf60515bb8fdf26be688366121654f7f3
Instruction ID: a985c4177a1824d462438170dedb81ce74ab34a8028ec1a45f7d700de978d947
Opcode Fuzzy Hash: 5214a599837bfdf14c14888f2e92068cf60515bb8fdf26be688366121654f7f3
Instruction Fuzzy Hash: FE113026B24F0189EB00CF71E8542B833A4F759B59F441E35DA6D867B8EF79D1548340

Function 00007FF67A3D8FD0 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 499COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3D92B7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3D95A3

Strings

%, xrefs: 00007FF67A3D95DE

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: %
API String ID: 3668304517-2567322570
Opcode ID: 78ff1c0ba038cc3ab3b58d10f66274e2fef20a22b12b05c7e6c4e15174b0cae6
Instruction ID: 85cc981091cab753fd7a94776061a23abcb15a0759c853e645ca4ac49c017991
Opcode Fuzzy Hash: 78ff1c0ba038cc3ab3b58d10f66274e2fef20a22b12b05c7e6c4e15174b0cae6
Instruction Fuzzy Hash: FD121C23B28A858AFB258FA5E4103FD67A1AB44798F244135EE4DA7BA9DF3CD445C340

Function 00007FF67A40A50C Relevance: 5.5, APIs: 3, Instructions: 1005COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF67A40A957
_get_daylight.LIBCMT ref: 00007FF67A40A9F7
_get_daylight.LIBCMT ref: 00007FF67A40AA10

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID:
API String ID: 1286766494-0
Opcode ID: bd57f40c3e3db77148fe0ffe54f4275cd58e4d53c750776aaf4c012eb2fe935b
Instruction ID: 11876c8482f2f32fdfe3a77b75ecf3033d310034c52036d83d3850b8c60a61aa
Opcode Fuzzy Hash: bd57f40c3e3db77148fe0ffe54f4275cd58e4d53c750776aaf4c012eb2fe935b
Instruction Fuzzy Hash: 9A92BD33A3864286E7248F26945417B37A1FB64784F1481F5DB8E87BA9CF3EE901E714

Function 00007FF67A41BC84 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39windowCOMMON

Download Yara Rule

APIs

GetLocaleInfoEx.KERNEL32(?,?,?,?,?,?,00000000,00007FF67A38DF29), ref: 00007FF67A41BCAA
FormatMessageA.KERNEL32 ref: 00007FF67A41BCD9

Strings

!x-sys-default-locale, xrefs: 00007FF67A41BC9D

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: FormatInfoLocaleMessage
String ID: !x-sys-default-locale
API String ID: 4235545615-2729719199
Opcode ID: e03368e1294968a7be98b08cf2acdcb8e5506132744e7f119a71bf8ca3b046b3
Instruction ID: b866f310fc1e94cebb2e83d5fc6093c8d4ab53a147dfc44415d102985dc6ebfa
Opcode Fuzzy Hash: e03368e1294968a7be98b08cf2acdcb8e5506132744e7f119a71bf8ca3b046b3
Instruction Fuzzy Hash: 1D01B173B28B8182E7248B22F4407B9A7A1FB987D5F444175DA8992BACCF3DD405CB00

Function 00007FF67A3B6F70 Relevance: 5.0, APIs: 3, Instructions: 460COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3B6FEA
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3B6FF0

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: 9193ef1a76070ff9094938fc9e26e3b07d864966f927d00ca1d39ba0c7ab48d4
Instruction ID: 90ad688f8f2a0560b2cad28dd9d584e21615fda6e10cd76544093529d1fba9d9
Opcode Fuzzy Hash: 9193ef1a76070ff9094938fc9e26e3b07d864966f927d00ca1d39ba0c7ab48d4
Instruction Fuzzy Hash: 72029D63B29F8685EB10CFA9D0402AD6362EB48BE4F144272DE5D977A9DF38E491C740

Function 00007FF67A3AC4E0 Relevance: 4.8, APIs: 3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8ed4d05b7ff35b3b56e886d6629c0703e26c40081793b28326e6b7c6c8a6dab9
Instruction ID: aae68af041cb0e9c26b63989d26fddd222f4971fc568855c6aba911915a79558
Opcode Fuzzy Hash: 8ed4d05b7ff35b3b56e886d6629c0703e26c40081793b28326e6b7c6c8a6dab9
Instruction Fuzzy Hash: 9F91CF73B29B8981EE14CF16E5401A963A5FB58BD0F544132EA8ECB768EF3CE552C700

Function 00007FF67A397C80 Relevance: 4.6, APIs: 3, Instructions: 145encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32 ref: 00007FF67A397D0D
LocalFree.KERNEL32 ref: 00007FF67A397D9F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A397E86

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: CryptDataFreeLocalUnprotect_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 2610421622-0
Opcode ID: 6e1be380b36d6308e574858bb0b1421ef5b9830db38561ba86a8e01b5bc49d21
Instruction ID: 9cf3f12594a4f145fe406fbc83cfa0401c5863d7c54928eec21b47c4ed2fa07a
Opcode Fuzzy Hash: 6e1be380b36d6308e574858bb0b1421ef5b9830db38561ba86a8e01b5bc49d21
Instruction Fuzzy Hash: 05616C33B24B818AFB10DFB5E4403AD73A1EB5879CF008275EA4D96A99DF78D5A48740

Function 00007FF67A3D6D70 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 506COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3D750D

Strings

-, xrefs: 00007FF67A3D7031

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: -
API String ID: 3668304517-2547889144
Opcode ID: f249676934a509c3e643a81391da5fbc4642066ddecaf12384e377dfbebdae82
Instruction ID: 734a6291cf6a660ebaa123f0d0f4b67c21d22cca0a78ac4eb50cf71bf3a1797d
Opcode Fuzzy Hash: f249676934a509c3e643a81391da5fbc4642066ddecaf12384e377dfbebdae82
Instruction Fuzzy Hash: 5D22A123A28B91C6EB10CF25E4402AD77A1FB457A8F604675FE5D97BA9DF38E481C700

Function 00007FF67A4050AC Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,?,?,?,?,00007FF67A401E9E), ref: 00007FF67A405120

Strings

GetLocaleInfoEx, xrefs: 00007FF67A4050C8, 00007FF67A4050D9

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: InfoLocale
String ID: GetLocaleInfoEx
API String ID: 2299586839-2904428671
Opcode ID: 3e7302eb2a7978fa3031c2e08be01dfce33e44987349fbcc01d6c54447146e53
Instruction ID: 2c247ceff18d6cb665697244d5c11a4b9844e7ec698f27bf7e07099e66af2537
Opcode Fuzzy Hash: 3e7302eb2a7978fa3031c2e08be01dfce33e44987349fbcc01d6c54447146e53
Instruction Fuzzy Hash: 2901A722B2864185E7448B67B4001ABA760EF94BC0F5440B5DE4D97BBDCE3ED5418340

Function 00007FF67A408C2C Relevance: 3.2, APIs: 2, Instructions: 232COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00007FF67A408E7B
RaiseException.KERNEL32 ref: 00007FF67A408E8C

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: b71f1d3c42e610c0face707ee20cd6d6a88a4c4d18c7a9917a4b3c1b6102180a
Instruction ID: 7256bb47396c1293d18901fc59393085936ddd9280a19578712f9df24e215352
Opcode Fuzzy Hash: b71f1d3c42e610c0face707ee20cd6d6a88a4c4d18c7a9917a4b3c1b6102180a
Instruction Fuzzy Hash: 60B17C73624B448BEB55CF2AC98236937E0F794B88F1589A1DA5D837B8CF3AD451D700

Function 00007FF67A3CDBD0 Relevance: 1.7, APIs: 1, Instructions: 231COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3CDEEC

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: a10e736733ab78b52f91e159c721946c235020e2f4f5fc1209b4e2fc31c319d0
Instruction ID: b0d9a7e6366fbfc6610212374522e4bab2a15be95bd65bd21aa10132d528e4ce
Opcode Fuzzy Hash: a10e736733ab78b52f91e159c721946c235020e2f4f5fc1209b4e2fc31c319d0
Instruction Fuzzy Hash: EAA18C23A19BA589EB00CF69D8803AC7770F715788F548566DF8D93BA9DF38E091C350

Function 00007FF67A3CD260 Relevance: 1.7, APIs: 1, Instructions: 220COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3CD589

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 413d5fab21a9d9f2d5efc64595a1be8cb0e2d9a45e1cdd630bc19ef13d16304d
Instruction ID: 0061ef6c053d5a05fb3b393064fb89bb388d524949405ad2b65377c6a84b35c7
Opcode Fuzzy Hash: 413d5fab21a9d9f2d5efc64595a1be8cb0e2d9a45e1cdd630bc19ef13d16304d
Instruction Fuzzy Hash: 6BA19023A29BA589EB00CFA9D8803AC7771F754798F544566EF8D97BA5DF38E091C300

Function 00007FF67A3CCF60 Relevance: 1.7, APIs: 1, Instructions: 214COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3CD258

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: c581e8977b33af35039448f8e39aaf5e8cb8f390a98b08808b20f05f175720f5
Instruction ID: a0dbb7cfceb73633d5fae7873d17aabd62ddc58ddc3c31e0b019299f5a6b387e
Opcode Fuzzy Hash: c581e8977b33af35039448f8e39aaf5e8cb8f390a98b08808b20f05f175720f5
Instruction Fuzzy Hash: 35A1AC63B29BA989EB00CFA9D8803AC6770F715788F548566DF8D97BA5DF38D091C340

Function 00007FF67A3CDF00 Relevance: 1.7, APIs: 1, Instructions: 210COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3CE1F8

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: d2b7f1040b983b5a6047405a0407e77e46b8456ac83219ed03ba37a61d7b5d0b
Instruction ID: c1f9872a94f9b16ea4a2c393e8f491bb3502ad83071107d873e0a1a7def77e76
Opcode Fuzzy Hash: d2b7f1040b983b5a6047405a0407e77e46b8456ac83219ed03ba37a61d7b5d0b
Instruction Fuzzy Hash: D5A17A63A19BA989EB00CF6AD8803AC7770F715748F648666DF8D97BA5DF38D091C340

Function 00007FF67A423BC0 Relevance: 1.7, APIs: 1, Instructions: 182COMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF67A423C23

Part of subcall function 00007FF67A41E91C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67A41E930

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _get_daylight_invalid_parameter_noinfo
String ID:
API String ID: 474895018-0
Opcode ID: c18a0d9b03aae947ae56912f7fbd91862cf6e30b660de31e07dea2fef0df8077
Instruction ID: 043efa6f92a781b21043d9ffe67913984eb793c56b82cebeada062bb7f1961a9
Opcode Fuzzy Hash: c18a0d9b03aae947ae56912f7fbd91862cf6e30b660de31e07dea2fef0df8077
Instruction Fuzzy Hash: 98610923F3869245FBA8CE2B944077D65A19F40764F1402B9DA2DC7AF9DE6EF8448700

Function 00007FF67A40FAE4 Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF67A4010DC: GetLastError.KERNEL32 ref: 00007FF67A4010EB
Part of subcall function 00007FF67A4010DC: FlsGetValue.KERNEL32 ref: 00007FF67A401100
Part of subcall function 00007FF67A4010DC: SetLastError.KERNEL32 ref: 00007FF67A40118B

EnumSystemLocalesW.KERNEL32(?,?,?,00007FF67A4102CF,?,00000000,00000092,?,?,00000000,?,00007FF67A401CC5), ref: 00007FF67A40FB82

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: 6bbfa0cfbcb117d0d0bd7b1f47d6fbf85da9e61559fd768ec35dd84706e269b8
Instruction ID: 0b940ae345416f638e6249b9b6114eba40beff23c22eab205165474b36f702f0
Opcode Fuzzy Hash: 6bbfa0cfbcb117d0d0bd7b1f47d6fbf85da9e61559fd768ec35dd84706e269b8
Instruction Fuzzy Hash: E311D563E386458AEB148F26D0906A977E0FBA0BA1F4441B5C699833E8DE3DD5D1DB40

Function 00007FF67A3BAF00 Relevance: 1.6, Strings: 1, Instructions: 302COMMON

Download Yara Rule

Strings

., xrefs: 00007FF67A3BB200

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID: .
API String ID: 0-248832578
Opcode ID: fb315bc80d0e4220bfa16cea2cebd06dd5b487f5fc83885914d8b253c2bdc7b6
Instruction ID: e2e36dfe2f9eb953b5d47611433c19d359c598b764b47289dafcd0e495f22a8f
Opcode Fuzzy Hash: fb315bc80d0e4220bfa16cea2cebd06dd5b487f5fc83885914d8b253c2bdc7b6
Instruction Fuzzy Hash: 9DC19463A28E86C6EB608F26D4441BD63A2FB497A4F548372DA9DC77A4DF7CD841C304

Function 00007FF67A40FBB4 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF67A4010DC: GetLastError.KERNEL32 ref: 00007FF67A4010EB
Part of subcall function 00007FF67A4010DC: FlsGetValue.KERNEL32 ref: 00007FF67A401100
Part of subcall function 00007FF67A4010DC: SetLastError.KERNEL32 ref: 00007FF67A40118B

EnumSystemLocalesW.KERNEL32(?,?,?,00007FF67A41028B,?,00000000,00000092,?,?,00000000,?,00007FF67A401CC5), ref: 00007FF67A40FC32

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: 20f033303a7f43631ab577e4b8c174f2a0670d8761bb9d685c12eeb3ee4fc0cb
Instruction ID: 7933b5251a0b8fc303851fac7392d197974b71fc8123ab3eecc8e39efe4cdb21
Opcode Fuzzy Hash: 20f033303a7f43631ab577e4b8c174f2a0670d8761bb9d685c12eeb3ee4fc0cb
Instruction Fuzzy Hash: 3401D673E2C28186E7144B17E4807AA72E1FB60BA1F4582B5D669876E8DF6E9481E700

Function 00007FF67A404B68 Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF67A404FBB,?,?,?,?,?,?,?,?,00000000,00007FF67A40F130), ref: 00007FF67A404BB7

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 91facb745afbc2f4637f145e0eb14d72f4a938eed1d470420a8036ca57912e6f
Instruction ID: 3a1698edfea0a5f77315674770c202fde96d55a1c7b7d5391556e6f9619ef4b1
Opcode Fuzzy Hash: 91facb745afbc2f4637f145e0eb14d72f4a938eed1d470420a8036ca57912e6f
Instruction Fuzzy Hash: A6F01977A28A4182E704DB26F9512AA6371EB99B81F0480B5DA4DC3379DF3DD4519740

Function 00007FF67A40717C Relevance: 1.5, Strings: 1, Instructions: 260COMMON

Download Yara Rule

Strings

gfffffff, xrefs: 00007FF67A4074DB

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID: gfffffff
API String ID: 0-1523873471
Opcode ID: 47307880288f6578f87132817073c4c2bb16437997dd627ef4aa9327bb89f433
Instruction ID: 4e615b1f5379532bc28fa06a4efd3258f63eadb3b32cab4b386163ca19770589
Opcode Fuzzy Hash: 47307880288f6578f87132817073c4c2bb16437997dd627ef4aa9327bb89f433
Instruction Fuzzy Hash: EFA12963B38BC546EB25CB2694407BE7791BB60784F0481B1DE4D877A9DE3EE501DB02

Function 00007FF67A3FE10C Relevance: 1.5, Strings: 1, Instructions: 250COMMON

Download Yara Rule

Strings

, xrefs: 00007FF67A3FE2F2

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 0e27038ca049793d61ec5ddb93713cae2a321fb0d894cb179eab7f341e6cf820
Instruction ID: 5889eb4b5606aa54d627ab3d96cc5f1791782a9762ec4453dda3eda6a415bcbb
Opcode Fuzzy Hash: 0e27038ca049793d61ec5ddb93713cae2a321fb0d894cb179eab7f341e6cf820
Instruction Fuzzy Hash: 53B16A73A38755C5E7658F2AD45423C3BA0EB09B68F2802BEDE4EC63A5CF29D441CB15

Function 00007FF67A3E6783 Relevance: .7, Instructions: 696COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5c12bc012ad02e285c341da713a39c5a81c563c1883bac74b687ebed5d69bd68
Instruction ID: 86c494f0e91df6f5b5c2383cfc7fb477dda8c136c158ac960e8049b6417d2195
Opcode Fuzzy Hash: 5c12bc012ad02e285c341da713a39c5a81c563c1883bac74b687ebed5d69bd68
Instruction Fuzzy Hash: 98729433A18BC589EB718F25D8403ED77A5F749798F404265EA9C9BBA9DF38D680C700

Function 00007FF67A41EFD0 Relevance: .6, Instructions: 634COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c5325b933501e752e53b4993b7539b7d02dad47a23dec996b8a144fc4eb4aaf5
Instruction ID: 738cec704029506ef6b0df6e4deb40db1634c599fe66fa9206ab30d1866e10b7
Opcode Fuzzy Hash: c5325b933501e752e53b4993b7539b7d02dad47a23dec996b8a144fc4eb4aaf5
Instruction Fuzzy Hash: 77626E23E39E5686E6538F36B8115356364BF523C4F5183B3E90EE7A78DF2EA4528700

Function 00007FF67A3DF9C0 Relevance: .4, Instructions: 428COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 042c13a15fea5a2a1b7fd401a9e4f90c7abfb219e0802bb1e0a5658ac4d56ca8
Instruction ID: 0695a6346a901bb7aead330e6aa675f58279d918060eb6aa8acfb82ebbc6c05d
Opcode Fuzzy Hash: 042c13a15fea5a2a1b7fd401a9e4f90c7abfb219e0802bb1e0a5658ac4d56ca8
Instruction Fuzzy Hash: A402AF13E28B82C2EB218F25D5802B92351FB55BA8F149275DE5DC76AADF38F6D1C340

Function 00007FF67A3FE9A4 Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 1b7c041a1ddcf11e25cf0bb9e41c031e648fd4e482a102b9d07c79ecb8b8e1b7
Instruction ID: 62faad7b4dc7074ad48f13846cd66cc1a4974ad7a5c3daacb4c4d98f53aed60f
Opcode Fuzzy Hash: 1b7c041a1ddcf11e25cf0bb9e41c031e648fd4e482a102b9d07c79ecb8b8e1b7
Instruction Fuzzy Hash: 9FD19127A39646C6EB648F29804067D27A1FF04B68F24037ADE5DC77E5DF29E842CB41

Function 00007FF67A401B14 Relevance: .3, Instructions: 309COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: ErrorLastNameTranslate$CodePageValidValue_invalid_parameter_noinfo
String ID:
API String ID: 4023145424-0
Opcode ID: 88e75c18b578dfe027ebcec4b74e3b6c1c05ca8ec6d9b2d69b7d7db6122ddb3f
Instruction ID: 0f47d355988f6dec613a171302e93827a59b59167e441f22d6fb1d24c21f477f
Opcode Fuzzy Hash: 88e75c18b578dfe027ebcec4b74e3b6c1c05ca8ec6d9b2d69b7d7db6122ddb3f
Instruction Fuzzy Hash: 5BC1A327A3868285EB609B2794107BF67B0FBA4788F4040B1DE4DC7AADEF3ED5419700

Function 00007FF67A3877B0 Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8a50d792f6ea55e1878b4c34ab1188b16c77c7345f1422f6bee4b15fd44da86d
Instruction ID: eb438a44a6fcddb694ab657a25b7432a07b16074a855d38c9ebd6906e70b598f
Opcode Fuzzy Hash: 8a50d792f6ea55e1878b4c34ab1188b16c77c7345f1422f6bee4b15fd44da86d
Instruction Fuzzy Hash: 1602F533915FC48DE7228F39EC512E977A4F799798F105225EB9C6AB19EF349290C340

Function 00007FF67A3FE49C Relevance: .2, Instructions: 244COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5bb6e68f6367ee2887d169ae8d8b9ba2fe82d39e90418e2bd536febdff533256
Instruction ID: a83b6b7d260627f74204cc5a21d3fdc0c52a326aeebf6a94f9077048640a9283
Opcode Fuzzy Hash: 5bb6e68f6367ee2887d169ae8d8b9ba2fe82d39e90418e2bd536febdff533256
Instruction Fuzzy Hash: 05B15973A38B55C5E7A58F29845422C3BA1EB49B68F2402BACA4EC73A5CF29D441DB05

Function 00007FF67A3CFE50 Relevance: .2, Instructions: 225COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b94abd17858a29da6604f084abc8ede15cb37ad89f40817780fbb3ade52cfd43
Instruction ID: a86bbf871795deeff051649bf185dfdbd10642c81c88c29639b75243f15025ec
Opcode Fuzzy Hash: b94abd17858a29da6604f084abc8ede15cb37ad89f40817780fbb3ade52cfd43
Instruction Fuzzy Hash: 82917FB76246808BD354CF29E440A4ABBA4F7D8B48F51E615EF8593B14E739DA06CF40

Function 00007FF67A41EB50 Relevance: .2, Instructions: 207COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: e8a9fff3f2d525b00164d309c93a27ca122c3ecc993597ac109084ccaafdead9
Instruction ID: e015d2f013b6b68590a1024fac7efc577eed81b7dc2ccc501f7c4b0b919a7fc3
Opcode Fuzzy Hash: e8a9fff3f2d525b00164d309c93a27ca122c3ecc993597ac109084ccaafdead9
Instruction Fuzzy Hash: 1F81A377A24A5286EB64CF26D4813BD23A0FB44B98F144A76EE1EC77A9DF39D0518304

Function 00007FF67A407CAC Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 03f10e5c36d2c90e3e843d3ee526e322415ff32a223bae658752ee0c55110d05
Instruction ID: f7eaf89248f44e1c91fe3888ea00c6a17761e382892659cace978609a0dbd2e2
Opcode Fuzzy Hash: 03f10e5c36d2c90e3e843d3ee526e322415ff32a223bae658752ee0c55110d05
Instruction Fuzzy Hash: 6881E573A38B8145E7B4CB2A948037B7691FB95794F1042B5DA8D87BA9CF3EE4409F01

Function 00007FF67A3ACB90 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ec938e2278b14a04dbb626e947d484f460c30e86730ef98d8f8e7ce8a528cec
Instruction ID: 4cec02f9310064dc4b1a23377e3ffb5b8f46e0d8c31a8737c8939ab7b9a4dee2
Opcode Fuzzy Hash: 5ec938e2278b14a04dbb626e947d484f460c30e86730ef98d8f8e7ce8a528cec
Instruction Fuzzy Hash: 8B61E463B29AA982EF208F9DD0455B86362FB547E4F458231EB5EC77A4DE3CE191C300

Function 00007FF67A3D0180 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8597c923cbaa6151206fd998e97a6f96e981866a793e387065817f7198bd7c65
Instruction ID: e50a310b70e5d2a74110a26e469e2b0ffd420c0c3c9c48e1359745d949e2ce58
Opcode Fuzzy Hash: 8597c923cbaa6151206fd998e97a6f96e981866a793e387065817f7198bd7c65
Instruction Fuzzy Hash: B161C12321E2C48FD30DDF7C589106D7F61D7A7908388469DEAC5EBB4BC518C51ACBA6

Function 00007FF67A3E12F0 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d5449f8e1e76c7c39ff7bf4f38ba925b3ca9a205e5da8ad886608f72b29d4485
Instruction ID: 983e9e3356270b3b0611d8f51b50450bf4d3c4e5edbf5eebb912441b93ca38ae
Opcode Fuzzy Hash: d5449f8e1e76c7c39ff7bf4f38ba925b3ca9a205e5da8ad886608f72b29d4485
Instruction Fuzzy Hash: 2451E4A3B0568443DB248B49FC42796F7A5FBD87C5F00A126EE8D97B68EB3CD5818700

Function 00007FF67A3FDAC4 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65988544bd8c51d46c1f2ecd44d2c2020be5c6c9d2ff497e3ff94f9df2993759
Instruction ID: 58f4f7aa9e2b98920a2dcb7e146c62879f80889dd2d5a8c64ff4f8c17d2336a9
Opcode Fuzzy Hash: 65988544bd8c51d46c1f2ecd44d2c2020be5c6c9d2ff497e3ff94f9df2993759
Instruction Fuzzy Hash: 88517073A3965183F7298E24815833C27A1EB55BADF140179CE4AD77A9CF29EC42CB80

Function 00007FF67A4083D8 Relevance: .1, Instructions: 126COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 21af7599d668425c508b6dc6d20b2ad751947d9bb730ee801f404e20e9297778
Instruction ID: 7187146593f7d32a6a730576f25972678f0c0022ee1bb6a9a97d31a659f7ffc0
Opcode Fuzzy Hash: 21af7599d668425c508b6dc6d20b2ad751947d9bb730ee801f404e20e9297778
Instruction Fuzzy Hash: 2741AF23724A5586EF44CF2AEA2416A7391FB58FD4B499076DE0DC7B68EE3DD4428340

Function 00007FF67A3AFDF9 Relevance: 37.2, APIs: 10, Strings: 11, Instructions: 427COMMON

Download Yara Rule

Strings

object is not closed with '}', xrefs: 00007FF67A3B12F1
*, xrefs: 00007FF67A3B003B
No closed word, xrefs: 00007FF67A3B13E7, 00007FF67A3B140A
word wasnt properly ended, xrefs: 00007FF67A3B142D, 00007FF67A3B14A8
unexpected '}', xrefs: 00007FF67A3B14CB
quote was opened but not closed., xrefs: 00007FF67A3B1314, 00007FF67A3B137D
unexpected key without object, xrefs: 00007FF67A3B13BE
key declared, but no value, xrefs: 00007FF67A3B1337, 00007FF67A3B135A, 00007FF67A3B145C
/, xrefs: 00007FF67A3B0002
key opened, but never closed, xrefs: 00007FF67A3B147F
Unexpected eof, xrefs: 00007FF67A3B12CA

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID: *$/$No closed word$Unexpected eof$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
API String ID: 0-1642088037
Opcode ID: b8faa98e97a49f4b4eeb8a7d9a1122b2dec6a5f31b1fca10665950ec988442fc
Instruction ID: c72839f4904ca489d5766388c4252673464bb7efbdf1101e9599db89bfb9992b
Opcode Fuzzy Hash: b8faa98e97a49f4b4eeb8a7d9a1122b2dec6a5f31b1fca10665950ec988442fc
Instruction Fuzzy Hash: DC12B423A29A8695EF60DF25D8802F96361FF40798F405572E64ECBAB9EF7DD185C300

Function 00007FF67A3AFD10 Relevance: 35.3, APIs: 11, Strings: 9, Instructions: 341COMMON

Download Yara Rule

Strings

object is not closed with '}', xrefs: 00007FF67A3B12F1
No closed word, xrefs: 00007FF67A3B13E7, 00007FF67A3B140A
word wasnt properly ended, xrefs: 00007FF67A3B142D, 00007FF67A3B14A8
unexpected '}', xrefs: 00007FF67A3B14CB
quote was opened but not closed., xrefs: 00007FF67A3B1314, 00007FF67A3B137D
unexpected key without object, xrefs: 00007FF67A3B13BE
key declared, but no value, xrefs: 00007FF67A3B1337, 00007FF67A3B135A, 00007FF67A3B145C
key opened, but never closed, xrefs: 00007FF67A3B147F
Unexpected eof, xrefs: 00007FF67A3B12CA

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID: No closed word$Unexpected eof$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
API String ID: 0-2490624340
Opcode ID: d7b8be012b611d7c68f823c86e04f696d3f65aa94ea25392f05cb2508796e7ca
Instruction ID: 72795a76075d9c8a4ab09d41d86eaa969c1b4157a85eceedbae4e773e0fc9125
Opcode Fuzzy Hash: d7b8be012b611d7c68f823c86e04f696d3f65aa94ea25392f05cb2508796e7ca
Instruction Fuzzy Hash: 8BF16333629A8694EB60DF25E8803E92361FF40398F405572E65DC7ABAEF7DD295C300

Function 00007FF67A3D2B90 Relevance: 19.4, APIs: 2, Strings: 9, Instructions: 137COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3D2D56
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3D2D5C

Strings

.exe, xrefs: 00007FF67A3D241B
.exe, xrefs: 00007FF67A3D2444
runas, xrefs: 00007FF67A3D288B
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;', xrefs: 00007FF67A3D248B
ios_base::badbit set, xrefs: 00007FF67A3D2B34
temp_directory_path, xrefs: 00007FF67A3D2B0B
open, xrefs: 00007FF67A3D2882
ios_base::failbit set, xrefs: 00007FF67A3D2B3F
ios_base::eofbit set, xrefs: 00007FF67A3D2B46

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: .exe$.exe$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;'$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$open$runas$temp_directory_path
API String ID: 3668304517-3845196099
Opcode ID: b18a3ac510c8b0f24bfca421e772cd1bd5065f06416b9bbe873d300fd71040d9
Instruction ID: b7782c19951bd143594be5c2fa173864d7407d3695de4d0e352d776b2adf218e
Opcode Fuzzy Hash: b18a3ac510c8b0f24bfca421e772cd1bd5065f06416b9bbe873d300fd71040d9
Instruction Fuzzy Hash: B2516E33F24B4584FB008FA5D5405BD6771AF497A8F685675EE1CA3AA9EE38E581C300

Function 00007FF67A4010DC Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF67A4010EB
FlsGetValue.KERNEL32 ref: 00007FF67A401100
FlsSetValue.KERNEL32 ref: 00007FF67A401121
FlsSetValue.KERNEL32 ref: 00007FF67A40114E
FlsSetValue.KERNEL32 ref: 00007FF67A40115F
FlsSetValue.KERNEL32 ref: 00007FF67A401170
SetLastError.KERNEL32 ref: 00007FF67A40118B
FlsGetValue.KERNEL32 ref: 00007FF67A4011C1
FlsSetValue.KERNEL32 ref: 00007FF67A4011E0

Part of subcall function 00007FF67A404ABC: HeapAlloc.KERNEL32(?,?,00000000,00007FF67A4012B6,?,?,8000000000000000,00007FF67A3FD1D5,?,?,?,?,00007FF67A406E44,?,?,?), ref: 00007FF67A404B11

FlsSetValue.KERNEL32 ref: 00007FF67A401208

Part of subcall function 00007FF67A404454: RtlFreeHeap.NTDLL(?,?,?,00007FF67A40E5C2,?,?,?,00007FF67A40E93F,?,?,00000000,00007FF67A40C67C,?,?,?,00007FF67A40C5AF), ref: 00007FF67A40446A
Part of subcall function 00007FF67A404454: GetLastError.KERNEL32(?,?,?,00007FF67A40E5C2,?,?,?,00007FF67A40E93F,?,?,00000000,00007FF67A40C67C,?,?,?,00007FF67A40C5AF), ref: 00007FF67A404474

FlsSetValue.KERNEL32 ref: 00007FF67A401219
FlsSetValue.KERNEL32 ref: 00007FF67A40122A

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Value$ErrorLast$Heap$AllocFree
String ID:
API String ID: 570795689-0
Opcode ID: 2d52a3bb37d6d36dfb8a5f7ee38180eb966f95766ed099e595ddcb8a032545f6
Instruction ID: 100ce537d0509120bcfc12f4e7e6170020ed9061168b1e6135c584f8d7f9d8da
Opcode Fuzzy Hash: 2d52a3bb37d6d36dfb8a5f7ee38180eb966f95766ed099e595ddcb8a032545f6
Instruction Fuzzy Hash: 2C415E26A3C20241FA68A377595517A21625F743B0F1447F9E83ECA7FFEE2EB441A300

Function 00007FF67A3C5DC0 Relevance: 17.9, APIs: 5, Strings: 5, Instructions: 365COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3C631A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3C6320
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3C6326
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3C632C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3C6332

Strings

; expected , xrefs: 00007FF67A3C6277
; last read: ', xrefs: 00007FF67A3C5FEC
syntax error , xrefs: 00007FF67A3C5DFD
unexpected , xrefs: 00007FF67A3C6177
while parsing , xrefs: 00007FF67A3C5E66

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: ; expected $; last read: '$syntax error $unexpected $while parsing
API String ID: 3668304517-4239264347
Opcode ID: d8ec020af4906ba83bac0fda7dd28d6df5c5a2a76fe582c9c531894715449f51
Instruction ID: 86974ff45ac05c896e2b5d8cccac4c022014e0bbe77495e83cf2bd56cc4cab44
Opcode Fuzzy Hash: d8ec020af4906ba83bac0fda7dd28d6df5c5a2a76fe582c9c531894715449f51
Instruction Fuzzy Hash: A7F18463F2469189FB00DFA5D8403ED2B72AB417B8F605275DE1DA7AEADF7894C58300

Function 00007FF67A3DCB80 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 173COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF67A3DCBFE
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF67A3DCC47
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3DCDC3
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3DCDD6
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3DCDDC

Strings

bad locale name, xrefs: 00007FF67A3DCDC9
true, xrefs: 00007FF67A3DCCFB
false, xrefs: 00007FF67A3DCCCE

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name$false$true
API String ID: 164343898-1062449267
Opcode ID: 7d0d5576e659e219aee7dd8fd1c1c89a3be7b9c8693a6a6153ae4918549f2811
Instruction ID: 543069bdaa3130a63ac7bd198b7b48c20a8efec1dc5937b66377c149e9eae664
Opcode Fuzzy Hash: 7d0d5576e659e219aee7dd8fd1c1c89a3be7b9c8693a6a6153ae4918549f2811
Instruction Fuzzy Hash: DB716E23B29B418AEB15DF71D8502BC37A5EF84758F140178DE4CA7AA9DF38E421C784

Function 00007FF67A3ED410 Relevance: 13.6, APIs: 9, Instructions: 127COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF67A3ED474
GetProcessId.KERNEL32 ref: 00007FF67A3ED47D

Part of subcall function 00007FF67A415370: EnterCriticalSection.KERNEL32 ref: 00007FF67A415380
Part of subcall function 00007FF67A415370: LeaveCriticalSection.KERNEL32 ref: 00007FF67A4153C0

RmStartSession.RSTRTMGR ref: 00007FF67A3ED4AC
RmRegisterResources.RSTRTMGR ref: 00007FF67A3ED4D5
RmGetList.RSTRTMGR ref: 00007FF67A3ED50E
RmGetList.RSTRTMGR ref: 00007FF67A3ED570
RmEndSession.RSTRTMGR ref: 00007FF67A3ED5AC

Part of subcall function 00007FF67A4153D0: EnterCriticalSection.KERNEL32(?,?,0000000100000000,00007FF67A391944), ref: 00007FF67A4153E0

RmEndSession.RSTRTMGR ref: 00007FF67A3ED5E4
RmEndSession.RSTRTMGR ref: 00007FF67A3ED5F9

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Session$CriticalSection$EnterListProcess$CurrentLeaveRegisterResourcesStart
String ID:
API String ID: 3440422588-0
Opcode ID: 93fd087dd890e0721090498d8606ad22e96d3fb8a918304c10cc0c02454d1560
Instruction ID: 2bc7912443579d23958b1dd501b499801c22f96e2c4602ac3466b87212364a47
Opcode Fuzzy Hash: 93fd087dd890e0721090498d8606ad22e96d3fb8a918304c10cc0c02454d1560
Instruction Fuzzy Hash: 47513F33B296018AE710CFA5E4406AC73B1BB88798F440575DA4EE7BA8DF3CE905CB40

Function 00007FF67A3FC3C4 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 489COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF67A3FC408
_invalid_parameter_noinfo.LIBCMT ref: 00007FF67A3FC7E0
_invalid_parameter_noinfo.LIBCMT ref: 00007FF67A3FCA8B

Strings

f, xrefs: 00007FF67A3FC52A
0, xrefs: 00007FF67A3FC830
p, xrefs: 00007FF67A3FC4BA
p, xrefs: 00007FF67A3FC532

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: 0$f$p$p
API String ID: 3215553584-1202675169
Opcode ID: 20a17dcc54312a4719634567cfff119de1b0c98f105182ac0e8ea3c8a1e1f82e
Instruction ID: 2837cf21f7b63dd4d9eb1d21dba8b93aac24c1c6c9a8e0739326f79b74df6aa0
Opcode Fuzzy Hash: 20a17dcc54312a4719634567cfff119de1b0c98f105182ac0e8ea3c8a1e1f82e
Instruction Fuzzy Hash: 9012C063E7C24386FB609E15D04467A7661FB80764F84497AE69EC66E8CF3CE884DF04

Function 00007FF67A404BE4 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,00000000,00007FF67A405292,?,?,00000030,00007FF67A40BF50,?,?,?,?,?,?,?), ref: 00007FF67A404D63
GetProcAddress.KERNEL32(?,00000000,00007FF67A405292,?,?,00000030,00007FF67A40BF50,?,?,?,?,?,?,?), ref: 00007FF67A404D6F

Strings

api-ms-, xrefs: 00007FF67A404CAD
ext-ms-, xrefs: 00007FF67A404CC0

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: ea1db75ad569a1f751d6f236fcb11e3532b51c7e1c493ad09dd3763442c21a1b
Instruction ID: edef71a477eb7636e4db50aa5cea31d2179f67a452bac93ab3fa9f4ba2fa61e7
Opcode Fuzzy Hash: ea1db75ad569a1f751d6f236fcb11e3532b51c7e1c493ad09dd3763442c21a1b
Instruction Fuzzy Hash: B9413663B3870281FA15DB27A9001766391BF55BE0F0941B5DD1DCB7ACEE3EE4409340

Function 00007FF67A3D2220 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 81networkfileCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET ref: 00007FF67A3D2289
InternetOpenUrlA.WININET ref: 00007FF67A3D22BE
InternetReadFile.WININET ref: 00007FF67A3D22DF
InternetReadFile.WININET ref: 00007FF67A3D231F
InternetCloseHandle.WININET ref: 00007FF67A3D232C
InternetCloseHandle.WININET ref: 00007FF67A3D2335

Strings

File Downloader, xrefs: 00007FF67A3D2282

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Internet$CloseFileHandleOpenRead
String ID: File Downloader
API String ID: 4038090926-3631955488
Opcode ID: 8631c50a7d7aeab745ffe52be2581e033ecdaeaf209ccd52c94b4234562f4027
Instruction ID: cbda10835d2fad7282527d53192642a9669d2e6a0652ffd86b1a78a3e708ee95
Opcode Fuzzy Hash: 8631c50a7d7aeab745ffe52be2581e033ecdaeaf209ccd52c94b4234562f4027
Instruction Fuzzy Hash: 86315E3362978182E7108F66F4506AAB360FB88B94F545035EE8D83B68DF7DE155CB00

Function 00007FF67A3CE200 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 187COMMON

Download Yara Rule

APIs

__std_exception_copy.LIBVCRUNTIME ref: 00007FF67A3CE3DD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3CE462
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3CE468
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3CE46E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3CE474

Strings

invalid_iterator, xrefs: 00007FF67A3CE272

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
String ID: invalid_iterator
API String ID: 1944019136-2508626007
Opcode ID: 6373d4ae284ed067edb89ab867350e8ff58b7e5ed5f060a0eb34cf8dd729731b
Instruction ID: 256a9ff46f89c8e1b05c133400f279a49bed5869b4702eaa9b1b5ef271b61ab4
Opcode Fuzzy Hash: 6373d4ae284ed067edb89ab867350e8ff58b7e5ed5f060a0eb34cf8dd729731b
Instruction Fuzzy Hash: B571C463F29B4589FB00CF79D8413BC2361AB457A8F509371EE5CA66E9EE3CA185C340

Function 00007FF67A3CB9F0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 174COMMON

Download Yara Rule

APIs

__std_exception_copy.LIBVCRUNTIME ref: 00007FF67A3CBBD1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3CBC5B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3CBC61
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3CBC67
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3CBC6D

Strings

out_of_range, xrefs: 00007FF67A3CBA60

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
String ID: out_of_range
API String ID: 1944019136-3053435996
Opcode ID: f034ebdfa626e4f2b8545fb8a5c00e60822f5f7df233ea77256a503c2671a737
Instruction ID: cef90a7b581995bdb272ab025187d6783bd123a4e6e20e237d644db592e9c68b
Opcode Fuzzy Hash: f034ebdfa626e4f2b8545fb8a5c00e60822f5f7df233ea77256a503c2671a737
Instruction Fuzzy Hash: 35719363F28B8689FB00CF79D4403EC2361AB557A8F409771EA5C966EAEE7CD195C300

Function 00007FF67A3A6F90 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 174COMMON

Download Yara Rule

APIs

__std_exception_copy.LIBVCRUNTIME ref: 00007FF67A3A7171
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3A71FB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3A7201
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3A7207
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3A720D

Strings

other_error, xrefs: 00007FF67A3A7000

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
String ID: other_error
API String ID: 1944019136-896093151
Opcode ID: cafb1c7d775c8fc8f368e604fb96d6e4c2f5a7e68f84fbfad756204a80c51c56
Instruction ID: 3031ceee520b31c6a03019398b41ed8299175b463a35f5b2cc6127d32e7aa85a
Opcode Fuzzy Hash: cafb1c7d775c8fc8f368e604fb96d6e4c2f5a7e68f84fbfad756204a80c51c56
Instruction Fuzzy Hash: 3671B463F24B8589FB00CF79D4803ED6362AB553A8F409771EA5C96AE9EE7CD195C300

Function 00007FF67A3A63E0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 170COMMON

Download Yara Rule

APIs

__std_exception_copy.LIBVCRUNTIME ref: 00007FF67A3A65BD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3A6642
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3A6648
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3A664E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3A6654

Strings

type_error, xrefs: 00007FF67A3A6452

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
String ID: type_error
API String ID: 1944019136-1406221190
Opcode ID: fa151557f7cd5f0a3cfbdf51518d4d57f7be2016b1bcd6949a45317675b1fda3
Instruction ID: a08d43f4070dde6c8acfe8acecfb3655329a59f3d9b0930d0759a72dd633e2a5
Opcode Fuzzy Hash: fa151557f7cd5f0a3cfbdf51518d4d57f7be2016b1bcd6949a45317675b1fda3
Instruction Fuzzy Hash: DB71C363F29B4588FB00CF79D4553BC2322AB553A8F009371EE5CA66E9EE7CA185C340

Function 00007FF67A3BB300 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 140COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3BB4A2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3BB4A8
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF67A3BB4E0
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF67A3BB4ED

Strings

at line , xrefs: 00007FF67A3BB38A
, column , xrefs: 00007FF67A3BB3B8

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: __std_exception_destroy_invalid_parameter_noinfo_noreturn
String ID: at line $, column
API String ID: 729085983-191570568
Opcode ID: f7c5522b9465ec32394d11f34281698112e2604be269cbd79ec38097c54cc68c
Instruction ID: 00e0baf096acb267786399f737056c4c1f8c748c22e33949aa70b86cefa92e20
Opcode Fuzzy Hash: f7c5522b9465ec32394d11f34281698112e2604be269cbd79ec38097c54cc68c
Instruction Fuzzy Hash: 7F51D673A28B4181EB149F1AE14126E6322FB85BE0F104271EB9C83BEADF3CD4918740

Function 00007FF67A412E64 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF67A412E95
GetLastError.KERNEL32 ref: 00007FF67A412EA1
CloseHandle.KERNEL32 ref: 00007FF67A412EB9
CreateFileW.KERNEL32 ref: 00007FF67A412EE4
WriteConsoleW.KERNEL32 ref: 00007FF67A412F03

Strings

CONOUT$, xrefs: 00007FF67A412EC5

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 3e87a9d24b09cb7ed727a1284b1e7e38199b0e79d20510dbc5928c805aadcfb1
Instruction ID: d1d274442013bc88f306c6e3190df9a4e3aa3affd4d79aad64418cdaed1c1ff5
Opcode Fuzzy Hash: 3e87a9d24b09cb7ed727a1284b1e7e38199b0e79d20510dbc5928c805aadcfb1
Instruction Fuzzy Hash: ED118162628B4182E7508B57E854329A3A0FB88FE5F004274EA6DC77B8DF3ED4148744

Function 00007FF67A3964A0 Relevance: 9.3, APIs: 6, Instructions: 322COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF67A4153D0: EnterCriticalSection.KERNEL32(?,?,0000000100000000,00007FF67A391944), ref: 00007FF67A4153E0

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39696A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A396970
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A396976
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A39697C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A396982
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A396988

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$CriticalEnterSection
String ID:
API String ID: 555700303-0
Opcode ID: 67c30172e01021a1a2b2e5c4eda750d777d23457661e5aa8fea52c950020d6e6
Instruction ID: 061e7e7a4103d542ac4d7ac3e4723869f21fc5f677623880eaf801a5169ba2b4
Opcode Fuzzy Hash: 67c30172e01021a1a2b2e5c4eda750d777d23457661e5aa8fea52c950020d6e6
Instruction Fuzzy Hash: 11D1CF63B29A8285FB108F69D5502BD2362AB497A8F405671EA5DD7BE9DF3CE081C301

Function 00007FF67A41DEE4 Relevance: 9.2, APIs: 6, Instructions: 240COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCPInfo.KERNEL32 ref: 00007FF67A41DF8D
MultiByteToWideChar.KERNEL32 ref: 00007FF67A41E030
MultiByteToWideChar.KERNEL32 ref: 00007FF67A41E0D1
MultiByteToWideChar.KERNEL32 ref: 00007FF67A41E11B
MultiByteToWideChar.KERNEL32 ref: 00007FF67A41E1B2
CompareStringEx.KERNEL32 ref: 00007FF67A41E1E5

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: ByteCharMultiWide$CompareInfoString
String ID:
API String ID: 2984826149-0
Opcode ID: 1f222af0314fcbf6c58ca9d58d599dac593cbc3de6a245fd672c9df98935204f
Instruction ID: 9d719518c71386c72ba0cd5bc9008a6065ac5f4b26f05d77576d04ee3d9c8486
Opcode Fuzzy Hash: 1f222af0314fcbf6c58ca9d58d599dac593cbc3de6a245fd672c9df98935204f
Instruction Fuzzy Hash: 75A11437B2838286FF308B22D4513B96691AF447A4F480671EA5D87BEDDF7EE4208344

Function 00007FF67A41DB88 Relevance: 9.2, APIs: 6, Instructions: 200COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 00007FF67A41DBFA
MultiByteToWideChar.KERNEL32 ref: 00007FF67A41DCA2
LCMapStringEx.KERNEL32 ref: 00007FF67A41DCD9
LCMapStringEx.KERNEL32 ref: 00007FF67A41DD32
LCMapStringEx.KERNEL32 ref: 00007FF67A41DDDF
WideCharToMultiByte.KERNEL32 ref: 00007FF67A41DE21

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: ByteCharMultiStringWide
String ID:
API String ID: 2829165498-0
Opcode ID: 1f3243329c99890ad18f8a7cec79f33d9315a9a6983336c811db799711a53098
Instruction ID: da5f3e3337eaa43f644872dda22fe7ab5d7afb879156416ebd7f9da605b53193
Opcode Fuzzy Hash: 1f3243329c99890ad18f8a7cec79f33d9315a9a6983336c811db799711a53098
Instruction Fuzzy Hash: 7A81C273A29B4182EF608F22D44077963A1FF94BA8F040675EA5D97BE8DF7DE4118700

Function 00007FF67A401254 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,8000000000000000,00007FF67A3FD1D5,?,?,?,?,00007FF67A406E44,?,?,?,00007FF67A4171A3), ref: 00007FF67A401263
FlsSetValue.KERNEL32(?,?,8000000000000000,00007FF67A3FD1D5,?,?,?,?,00007FF67A406E44,?,?,?,00007FF67A4171A3), ref: 00007FF67A401299
FlsSetValue.KERNEL32(?,?,8000000000000000,00007FF67A3FD1D5,?,?,?,?,00007FF67A406E44,?,?,?,00007FF67A4171A3), ref: 00007FF67A4012C6
FlsSetValue.KERNEL32(?,?,8000000000000000,00007FF67A3FD1D5,?,?,?,?,00007FF67A406E44,?,?,?,00007FF67A4171A3), ref: 00007FF67A4012D7
FlsSetValue.KERNEL32(?,?,8000000000000000,00007FF67A3FD1D5,?,?,?,?,00007FF67A406E44,?,?,?,00007FF67A4171A3), ref: 00007FF67A4012E8
SetLastError.KERNEL32(?,?,8000000000000000,00007FF67A3FD1D5,?,?,?,?,00007FF67A406E44,?,?,?,00007FF67A4171A3), ref: 00007FF67A401303

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 3fb94930e8d310cf8687c67c78b30c4d55b0f224f4bef0ecbf114cb03a3ab9f6
Instruction ID: 49eb6dad0320a929e182b18a53c4aeba2fbc4408bbe0a31d26bb660895e6acf3
Opcode Fuzzy Hash: 3fb94930e8d310cf8687c67c78b30c4d55b0f224f4bef0ecbf114cb03a3ab9f6
Instruction Fuzzy Hash: EE11AE22B3C28246FA54A377565017A21925F647B0F1003F8E83ED67FEEE2EA441A300

Function 00007FF67A3E1A50 Relevance: 9.0, APIs: 6, Instructions: 41COMMON

Download Yara Rule

APIs

DeleteObject.GDI32 ref: 00007FF67A3E1A93
EnterCriticalSection.KERNEL32(?,?,?,00007FF67A3E1A24), ref: 00007FF67A3E1AA5
EnterCriticalSection.KERNEL32 ref: 00007FF67A3E1AB5
GdiplusShutdown.GDIPLUS ref: 00007FF67A3E1AC3
LeaveCriticalSection.KERNEL32 ref: 00007FF67A3E1AD0
LeaveCriticalSection.KERNEL32 ref: 00007FF67A3E1ADA

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$DeleteGdiplusObjectShutdown
String ID:
API String ID: 4268643673-0
Opcode ID: 30679f12dbbd152e61c0fe2a4bbedbaa7e9dfe4d4c4f42536384a88b64d7b78a
Instruction ID: 9f396d7d7ddc0805a5234c2647141e460670cf48f24dd479ed9510958f3eee0b
Opcode Fuzzy Hash: 30679f12dbbd152e61c0fe2a4bbedbaa7e9dfe4d4c4f42536384a88b64d7b78a
Instruction Fuzzy Hash: 82113D33529B41C1EB109F26E844028B3B4FF54FA5B584275D69D836B8CF3DD896C340

Function 00007FF67A3A80E0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 172COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF67A3A814F
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF67A3A8197
_Getcoll.LIBCPMT ref: 00007FF67A3A81CB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3A82CA

Strings

bad locale name, xrefs: 00007FF67A3A82D0

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: std::_$GetcollLocinfo::_Locinfo_ctorLockitLockit::__invalid_parameter_noinfo_noreturn
String ID: bad locale name
API String ID: 818938248-1405518554
Opcode ID: 3e48039cb6299e80eb77bcc41b0a2d3b1a2936e918a8e4afd8f24e70d94dd675
Instruction ID: 0c5fc8eae4447d9462451d7b255bce257612d2d5204d8c721d865b1a4333aed3
Opcode Fuzzy Hash: 3e48039cb6299e80eb77bcc41b0a2d3b1a2936e918a8e4afd8f24e70d94dd675
Instruction Fuzzy Hash: FB71AC23B26B418AFF14DFB5E4503BC3366AF44768F004175EE5DA7AA9DE38D0618384

Function 00007FF67A3B61F0 Relevance: 7.7, APIs: 5, Instructions: 234COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3B62E6
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3B62F2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3B6385
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF67A3B63FE
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF67A3B6446

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturnstd::_$Concurrency::cancel_current_taskLocinfo::_Locinfo_ctorLockitLockit::_
String ID:
API String ID: 2759874623-0
Opcode ID: 630db9639453cfbfdb5905753b83a3dbc2dcbdd4757e5410f93e4ef9431ec585
Instruction ID: 5b18214c714824b3da920190545b0bfbbf77165a4c678d9f55f2c079fcef9286
Opcode Fuzzy Hash: 630db9639453cfbfdb5905753b83a3dbc2dcbdd4757e5410f93e4ef9431ec585
Instruction Fuzzy Hash: 0B919E33B29B4189EB14DF61E4403BD33A5EF44BA8F084675EE5D97AAADF38D4618340

Function 00007FF67A3E9140 Relevance: 7.6, APIs: 5, Instructions: 106COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00007FF67A3E9172
GetWindowRect.USER32 ref: 00007FF67A3E9183
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E92FC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E9302
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E9308

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Window$DesktopRect
String ID:
API String ID: 1991322523-0
Opcode ID: 8bf5badb92777a96b12c27d7376b26c04db940d8e94f5480e2108a89df877fcf
Instruction ID: 92881711b8fb6aceac0ab73a355ac656d95043a41d0d692b1998207969f8d3df
Opcode Fuzzy Hash: 8bf5badb92777a96b12c27d7376b26c04db940d8e94f5480e2108a89df877fcf
Instruction Fuzzy Hash: BE418263A2C78541EE109F69F44536AA351EF857A4F504771E6ACC6BFADE3DD4808B00

Function 00007FF67A4141B4 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF67A4141DC
_set_statfp.LIBCMT ref: 00007FF67A4141F7
_set_statfp.LIBCMT ref: 00007FF67A414213
_set_statfp.LIBCMT ref: 00007FF67A41424F

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: 025d23688907853b564ca8c27b0d165eda471880a57ba5485be5edd5abf68226
Instruction ID: 95fce7a017fb7026962fc9ae54fe60787bd077246fd31e9504a08cbd6fa0fa3e
Opcode Fuzzy Hash: 025d23688907853b564ca8c27b0d165eda471880a57ba5485be5edd5abf68226
Instruction Fuzzy Hash: 2F11E3ABE7CA0302F6541166D9453B511506F683B8F440AF8F97E866FEAE1FA8924301

Function 00007FF67A40131C Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FF67A3F89C7,?,?,00000000,00007FF67A3F8C62,?,?,?,?,8000000000000000,00007FF67A3F8BEE), ref: 00007FF67A40133B
FlsSetValue.KERNEL32(?,?,?,00007FF67A3F89C7,?,?,00000000,00007FF67A3F8C62,?,?,?,?,8000000000000000,00007FF67A3F8BEE), ref: 00007FF67A40135A
FlsSetValue.KERNEL32(?,?,?,00007FF67A3F89C7,?,?,00000000,00007FF67A3F8C62,?,?,?,?,8000000000000000,00007FF67A3F8BEE), ref: 00007FF67A401382
FlsSetValue.KERNEL32(?,?,?,00007FF67A3F89C7,?,?,00000000,00007FF67A3F8C62,?,?,?,?,8000000000000000,00007FF67A3F8BEE), ref: 00007FF67A401393
FlsSetValue.KERNEL32(?,?,?,00007FF67A3F89C7,?,?,00000000,00007FF67A3F8C62,?,?,?,?,8000000000000000,00007FF67A3F8BEE), ref: 00007FF67A4013A4

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: a4fb289c786a0eca790088b9bcd761b8d76418df99202d3b5e7beb8be43a49ad
Instruction ID: 20c98248e68b52470443027117569943ef9a938118c22c9123e489b56da36f2d
Opcode Fuzzy Hash: a4fb289c786a0eca790088b9bcd761b8d76418df99202d3b5e7beb8be43a49ad
Instruction Fuzzy Hash: 24113D12A3C24241FA58A3375A5157A61915F647B0F1447F9E83E86BFEEE2EE441A700

Function 00007FF67A3B7080 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 246COMMON

Download Yara Rule

Strings

ios_base::badbit set, xrefs: 00007FF67A3B70E7
ios_base::failbit set, xrefs: 00007FF67A3B70F2
ios_base::eofbit set, xrefs: 00007FF67A3B70F9

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 0-1866435925
Opcode ID: e0f0697e29cf140b8ec4918c7538444e865b456e99957fe85f44bf5cc242374e
Instruction ID: e3c4632cb6426e29a0221d49ff0f0541d47a2895e29e3fdf0276c69810526a9d
Opcode Fuzzy Hash: e0f0697e29cf140b8ec4918c7538444e865b456e99957fe85f44bf5cc242374e
Instruction Fuzzy Hash: E791B923A29A85C2EB14CF19E4443ADB366FB48BD4F544172EA9D87BA8DF3CC491C740

Function 00007FF67A3D5F90 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 216COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3D62D8

Strings

Subcommands:, xrefs: 00007FF67A3D6166
Positional arguments:, xrefs: 00007FF67A3D607E
Optional arguments:, xrefs: 00007FF67A3D60EF

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: Optional arguments:$Positional arguments:$Subcommands:
API String ID: 3668304517-2031040180
Opcode ID: 816267435a35a0d78f2cf947243fad65008e0525db3d833e2ec34da25788430d
Instruction ID: 8517761b59d97b0b8c7bf399b889133e15261d0bd97f1a3bdb75ab3b34ad2056
Opcode Fuzzy Hash: 816267435a35a0d78f2cf947243fad65008e0525db3d833e2ec34da25788430d
Instruction Fuzzy Hash: ECA1A9A3A28A4180EF14DF26E4843AC67A2EB44FD4F548076DA1EC77AACF7CD585C341

Function 00007FF67A3904B0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 207COMMON

Download Yara Rule

Strings

[json.exception., xrefs: 00007FF67A3905EB

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID: [json.exception.
API String ID: 0-791563284
Opcode ID: ae0d6a02d63d35cb3a55785fbfa0ad02bd209fdb03e42c2fe57af30d188fe299
Instruction ID: a62d4d57de51bdefedad8e8e3c10a118dcecf321c3f3f7b2b980eb296f28629c
Opcode Fuzzy Hash: ae0d6a02d63d35cb3a55785fbfa0ad02bd209fdb03e42c2fe57af30d188fe299
Instruction Fuzzy Hash: B771E163F24B9185FB00CF7AD4412AC2761EB95BA8F504275EE599BBAADF78D081C340

Function 00007FF67A3E2CC0 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 156COMMON

Download Yara Rule

APIs

__std_fs_get_current_path.LIBCPMT ref: 00007FF67A3E2D38

Part of subcall function 00007FF67A41C0FC: GetCurrentDirectoryW.KERNEL32 ref: 00007FF67A41C104

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3E2EDA

Part of subcall function 00007FF67A38FA60: __std_exception_copy.LIBVCRUNTIME ref: 00007FF67A38FAED

Strings

current_path(), xrefs: 00007FF67A3E2EE0
--type, xrefs: 00007FF67A3E2CCB

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: CurrentDirectory__std_exception_copy__std_fs_get_current_path_invalid_parameter_noinfo_noreturn
String ID: --type$current_path()
API String ID: 2526998938-584980331
Opcode ID: 11f1563b3bab9115ca760f64c3965c306fbea0127aadccaa6a521a725f07e0a8
Instruction ID: ffb89a0ae8172d7049ea8b1d779a62b2f8be64f98486f9f46e2ff8cefdb83133
Opcode Fuzzy Hash: 11f1563b3bab9115ca760f64c3965c306fbea0127aadccaa6a521a725f07e0a8
Instruction Fuzzy Hash: 99518F63F2475189EB10CFB5D8406AD37B5FB487A8F504639EE69A7BA8DF389481C310

Function 00007FF67A38E510 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF67A38E57E
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF67A38E5C6
_Getctype.LIBCPMT ref: 00007FF67A38E604

Strings

bad locale name, xrefs: 00007FF67A38E6BD

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: std::_$GetctypeLocinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1612978173-1405518554
Opcode ID: 5d25508214ec7044c54f7b6a54389aadf6d9a4272941ecba3a100e3fb4536ebf
Instruction ID: e38eed2aeb30e6619397c6f2c1f41e3473433cbb7c6bc488952ca6afc5a859c9
Opcode Fuzzy Hash: 5d25508214ec7044c54f7b6a54389aadf6d9a4272941ecba3a100e3fb4536ebf
Instruction Fuzzy Hash: B1517833B2AB418AEB44DF61D8802FC33A5AF40748F144579DE4DA7AAADF38D525C384

Function 00007FF67A3D7E8A Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 59COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32 ref: 00007FF67A3D7FC7

Part of subcall function 00007FF67A3CF820: CoInitializeEx.OLE32 ref: 00007FF67A3CF8CE

OpenMutexA.KERNEL32 ref: 00007FF67A3D80CF
ExitProcess.KERNEL32 ref: 00007FF67A3D80DF

Strings

APPB:, xrefs: 00007FF67A3D7F62
--key, xrefs: 00007FF67A3D7EE9
--type, xrefs: 00007FF67A3D7E9E

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: ExitProcess$InitializeMutexOpen
String ID: --key$--type$APPB:
API String ID: 3710457153-2541764812
Opcode ID: f0dad4a55aebe92829e22db305535894228dfd5e9c5921f9cb9629a2b4d59aba
Instruction ID: 5dc809f6d5b6a35ba3687571614f4854408b8d0963317fc92c57bec978d3dce8
Opcode Fuzzy Hash: f0dad4a55aebe92829e22db305535894228dfd5e9c5921f9cb9629a2b4d59aba
Instruction Fuzzy Hash: 1F212F33628AC6A1EE21AF60E4513EAA351EF94390F405476E68DC75BAEF2DD609C740

Function 00007FF67A41BD98 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(?,?,?,00007FF67A41C482), ref: 00007FF67A41BDAE
GetProcAddress.KERNEL32(?,?,?,00007FF67A41C482), ref: 00007FF67A41BDBE

Strings

kernel32.dll, xrefs: 00007FF67A41BDA7
GetTempPath2W, xrefs: 00007FF67A41BDB7

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetTempPath2W$kernel32.dll
API String ID: 1646373207-1846531799
Opcode ID: 6f9f3995978003d1ccc8dec992d9ad662db8d21aec809d3de5c822f6ec52e1f4
Instruction ID: 328038575732dfd8df0fdbb28fccc5e12f3d9612dea93b4cc61079572b471549
Opcode Fuzzy Hash: 6f9f3995978003d1ccc8dec992d9ad662db8d21aec809d3de5c822f6ec52e1f4
Instruction Fuzzy Hash: 72E01A73A28E4292EF098B26F985075A361FF88BD1F188075D98E87339EE7DD4858740

Function 00007FF67A404144 Relevance: 6.2, APIs: 4, Instructions: 218COMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleMode.KERNEL32(?,?,?,?,00000000,?,?,00000000,00000000,?,00000000,00000000,00007FF67A4040E4), ref: 00007FF67A404267
GetLastError.KERNEL32(?,?,?,?,00000000,?,?,00000000,00000000,?,00000000,00000000,00007FF67A4040E4), ref: 00007FF67A4042F1

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: a5446ee033ab3a96d987ba82b954b746e7061da89c8fac301d0f6a6fa71b0e87
Instruction ID: 851d4e158d32c2e5fa486b9415d62b5b5283d1d9330522c7028ed9ebc8b16be1
Opcode Fuzzy Hash: a5446ee033ab3a96d987ba82b954b746e7061da89c8fac301d0f6a6fa71b0e87
Instruction Fuzzy Hash: FB91D173B3865289FB50CB6698402BE27A0BB64B88F5451F5DE0E97AACCF3AD441D710

Function 00007FF67A423E38 Relevance: 6.2, APIs: 4, Instructions: 159COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF67A423E79
_invalid_parameter_noinfo.LIBCMT ref: 00007FF67A423EF9
_invalid_parameter_noinfo.LIBCMT ref: 00007FF67A423F4D
_get_daylight.LIBCMT ref: 00007FF67A423FA5

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo$_get_daylight
String ID:
API String ID: 72036449-0
Opcode ID: 7f2af6dd734c9f49134f5f6cb4caa58708795f3dc7952dab5fe11fe3ab74a09c
Instruction ID: a341d8954269e1a4170b73a7ce17d4bc98198643abaaf59bfe74504d624e4b88
Opcode Fuzzy Hash: 7f2af6dd734c9f49134f5f6cb4caa58708795f3dc7952dab5fe11fe3ab74a09c
Instruction Fuzzy Hash: 11518023E2CA0386F76DCE2AA50537965B1EF40714F1A44B9DA4DC62FEDE6EF8408741

Function 00007FF67A3ADD8E Relevance: 6.1, APIs: 4, Instructions: 148COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb3d7264b8b674bf82fce66e91665e7e2bda2521a4e4f6b3e39894c39e276e61
Instruction ID: a2585cc5f3fa4e2d8b5e2e2686353c2cdf0ddb23d1e787b0e0ffb78dcd44bcda
Opcode Fuzzy Hash: bb3d7264b8b674bf82fce66e91665e7e2bda2521a4e4f6b3e39894c39e276e61
Instruction Fuzzy Hash: 95411623B2975646EA245F26A4403B9A291AF557E4F140671FF9DC7BE6DF3CE0918300

Function 00007FF67A3C5A80 Relevance: 6.1, APIs: 4, Instructions: 147COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3C5BD8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3C5BDE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3C5BE4
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3C5C4C

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: e17a87e0dac188715d7de44836a78e224ef073b665df49492f96d06277b00cdc
Instruction ID: 318161aef37147fc1daf2b0dbbb0d10e30e222481037b8fc25ac9611573e44f1
Opcode Fuzzy Hash: e17a87e0dac188715d7de44836a78e224ef073b665df49492f96d06277b00cdc
Instruction Fuzzy Hash: CB519C73725B8582EA088F65E44427C73A5FB44FA4F544676EA5C87BE9CF2CD4A0C340

Function 00007FF67A3A1D90 Relevance: 6.1, APIs: 4, Instructions: 115COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF67A41D090: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF67A41D0AD
Part of subcall function 00007FF67A41D090: std::locale::_Setgloballocale.LIBCPMT ref: 00007FF67A41D0D0

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF67A3A1DD1
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF67A3A1DF6
std::_Facet_Register.LIBCPMT ref: 00007FF67A3A1EA2
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3A1F04

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_RegisterSetgloballocalestd::locale::_
String ID:
API String ID: 3698853521-0
Opcode ID: cd937c2163436b9fb287f8dcd4740911990055bdb6793be5d7727d4a2ed8b4cb
Instruction ID: 42ede6a69d51ce62a96f8c2de42a36a0a1ad3d6a3a99ff90451d594c8e0f7611
Opcode Fuzzy Hash: cd937c2163436b9fb287f8dcd4740911990055bdb6793be5d7727d4a2ed8b4cb
Instruction Fuzzy Hash: 0A417E37A28B5181EA20DF12E85467A73A5FB44BA4F540572EA9DC37B9DF3DE451C300

Function 00007FF67A3DE3B0 Relevance: 6.1, APIs: 4, Instructions: 103COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3DE4FA
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3DE500
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3DE50C
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3DE512

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: b30ae2a1adf495e9d439415c37c45efc14ad700a5141eea4e88dcc01de75cced
Instruction ID: 1282280f2b70148bee35b02d1de5d7e7cb5abbf60d3970ed46f295be82514510
Opcode Fuzzy Hash: b30ae2a1adf495e9d439415c37c45efc14ad700a5141eea4e88dcc01de75cced
Instruction Fuzzy Hash: C9417C73B29B46C9EB18CFA4C4553BC2B61AB447A8F244A71DA1DD6AE9DE78D084C300

Function 00007FF67A3A3BC0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF67A3A3BEB
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF67A3A3C10
std::_Facet_Register.LIBCPMT ref: 00007FF67A3A3CBB
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3A3D06

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 1168246061-0
Opcode ID: 0369a9c64f1772f6bca1fded505bf389f4c46f7af8db3148ec6ac7e1e0e24fe9
Instruction ID: 93a1e89193571bd6b36df2515379690417b003bd559d0163f832be2fd6215eca
Opcode Fuzzy Hash: 0369a9c64f1772f6bca1fded505bf389f4c46f7af8db3148ec6ac7e1e0e24fe9
Instruction Fuzzy Hash: 53419127A28B4281EF25DF16E8443796761FB84BA4F180671EA4DC77B9EE3DE542C700

Function 00007FF67A41BF7C Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 00007FF67A41BFC5
GetLastError.KERNEL32 ref: 00007FF67A41BFD3
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00007FF67A3A3E79), ref: 00007FF67A41C008
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00007FF67A3A3E79), ref: 00007FF67A41C016

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: ByteCharErrorLastMultiWide
String ID:
API String ID: 203985260-0
Opcode ID: a35a7af96b277efd2b3ef8961dad066aa662e8996eab021f8be0da18f0958b31
Instruction ID: eadeec97b1045164426315e697c2a66194ac3fdeb610086dd788ff4366dff339
Opcode Fuzzy Hash: a35a7af96b277efd2b3ef8961dad066aa662e8996eab021f8be0da18f0958b31
Instruction Fuzzy Hash: 1B215477A28B5587E7608F16E44432EBBB4F798B84F244174DB8993B68DF3DD4118B40

Function 00007FF67A41C468 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF67A41BD98: GetModuleHandleW.KERNEL32(?,?,?,00007FF67A41C482), ref: 00007FF67A41BDAE
Part of subcall function 00007FF67A41BD98: GetProcAddress.KERNEL32(?,?,?,00007FF67A41C482), ref: 00007FF67A41BDBE

GetLastError.KERNEL32 ref: 00007FF67A41C48C
GetFileAttributesW.KERNEL32 ref: 00007FF67A41C49B
__std_fs_open_handle.LIBCPMT ref: 00007FF67A41C4C4
CloseHandle.KERNEL32 ref: 00007FF67A41C4D6

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Handle$AddressAttributesCloseErrorFileLastModuleProc__std_fs_open_handle
String ID:
API String ID: 3095436882-0
Opcode ID: 6c31786f829653212935232cf3d85fa5a40863707855e3c977216cfbe1f658b8
Instruction ID: 469c56baea746dfed2e85e804db8df8c1ddf2c638d0728180bd756c60756ada5
Opcode Fuzzy Hash: 6c31786f829653212935232cf3d85fa5a40863707855e3c977216cfbe1f658b8
Instruction Fuzzy Hash: F611B623B3C54285E6709727E9442396750DB847B5F201670E5BAC6AF8DE3DD0508B00

Function 00007FF67A41BD20 Relevance: 6.0, APIs: 4, Instructions: 34COMMON

Download Yara Rule

APIs

SetFileInformationByHandle.KERNEL32 ref: 00007FF67A41BD40
GetLastError.KERNEL32 ref: 00007FF67A41BD4A
SetFileInformationByHandle.KERNEL32 ref: 00007FF67A41BD7D
GetLastError.KERNEL32 ref: 00007FF67A41BD87

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: ErrorFileHandleInformationLast
String ID:
API String ID: 275135790-0
Opcode ID: ef666a5330756d5a635ca31cfb1b723dc77e2aec855cfe130d87bc9277cbf906
Instruction ID: a08ee790f378e4f2c47c3ccc74ff006bb54d021916bf0187735cac38413fd6f9
Opcode Fuzzy Hash: ef666a5330756d5a635ca31cfb1b723dc77e2aec855cfe130d87bc9277cbf906
Instruction Fuzzy Hash: 01F0F433A2818282F7A85B73D8586B426A0EF55741F1409B4D68ADA5BCDF2EE9958300

Function 00007FF67A3B1500 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 145COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3B1695
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF67A3B16E1

Strings

conditional not closed, xrefs: 00007FF67A3B169B, 00007FF67A3B16BE

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID: conditional not closed
API String ID: 73155330-2481790218
Opcode ID: de053c112b64e768f8428813dd411f94ee97544ab1db2f6cb749ea2c733d172c
Instruction ID: 648d2c7d479e5c563497fc221ee9e0abd6bbf4ad218d61cffe397cc6e1f0805b
Opcode Fuzzy Hash: de053c112b64e768f8428813dd411f94ee97544ab1db2f6cb749ea2c733d172c
Instruction Fuzzy Hash: 4A51D563A28A86C1EA50CF29D4402B96763FF947E4F545272EA5EC72B9EF3DD494C300

Function 00007FF67A3BB520 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 142COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF67A3ADD8E: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF67A3ADEDD
Part of subcall function 00007FF67A3ADD8E: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF67A3ADF15

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3BB741
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF67A3BB747

Strings

exists, xrefs: 00007FF67A3BB734

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: __std_fs_convert_narrow_to_wide_invalid_parameter_noinfo_noreturn
String ID: exists
API String ID: 522447391-2996790960
Opcode ID: 0812b07cca2c7e13efabdba849dce9808f902fe97657f9a56c61faa4ce2bafba
Instruction ID: 365f214958a9085244a4fa6d8170ceb1d93820001337b2037d6b0c266b715fa6
Opcode Fuzzy Hash: 0812b07cca2c7e13efabdba849dce9808f902fe97657f9a56c61faa4ce2bafba
Instruction Fuzzy Hash: CA519F73B24B8689FB00DFA5D4453AC3322EB487A8F405636EE5C97BA9EE38D551C344

Function 00007FF67A3DCDF0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 138COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF67A3DCE5E
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF67A3DCEA6

Strings

bad locale name, xrefs: 00007FF67A3DCF7B

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 3988782225-1405518554
Opcode ID: d3c72544cd645b69e8a2c5bf7666d31f89d387f88ea681514652529d93fb1af9
Instruction ID: d74707540e8c827e5aa2d2d8a4f22fc958ee7af9f2a991177a8280151910d52f
Opcode Fuzzy Hash: d3c72544cd645b69e8a2c5bf7666d31f89d387f88ea681514652529d93fb1af9
Instruction Fuzzy Hash: C6515A33B29A4189EB14DF71D4902B823A8EF44B58F140475EA4DA7AA9DE38D525D384

Function 00007FF67A3B6390 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF67A3B63FE
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF67A3B6446

Strings

bad locale name, xrefs: 00007FF67A3B6525

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 3988782225-1405518554
Opcode ID: f2da8db68162ba056228c46117a7daadb370c3837c43f6d530888027403bb8d8
Instruction ID: 81aba4bc8d5bcdc0e5c21b531f570011cea316f09ec4510f5e249784cba095a1
Opcode Fuzzy Hash: f2da8db68162ba056228c46117a7daadb370c3837c43f6d530888027403bb8d8
Instruction Fuzzy Hash: 2C517833B2AA4189EB14DF61D8912FC33A5EF44718F040575EA4DA3AAADF38D422C344

Function 00007FF67A409C24 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 122COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF67A40ECAC: _invalid_parameter_noinfo.LIBCMT ref: 00007FF67A40ECDF

_get_daylight.LIBCMT ref: 00007FF67A409D3C
_get_daylight.LIBCMT ref: 00007FF67A409D4D

Strings

?, xrefs: 00007FF67A409CCD

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID: ?
API String ID: 1286766494-1684325040
Opcode ID: a3b13d974e2cd164ba41b4e4a9c5cd7494e93de61a48e4dfc92e765cfa0c422b
Instruction ID: 4adf3e0448f96344c3b0e9c86ca161e5f072c85ff15dbdc3795a3a8dd5e7619c
Opcode Fuzzy Hash: a3b13d974e2cd164ba41b4e4a9c5cd7494e93de61a48e4dfc92e765cfa0c422b
Instruction Fuzzy Hash: B041C913A3874141F7249B27984137B66A0EFA07A4F1441B5FF5D86AEEDF3ED4419700

Function 00007FF67A403E14 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF67A403F2B
GetLastError.KERNEL32 ref: 00007FF67A403F4D

Strings

U, xrefs: 00007FF67A403ED7

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: bee17eca91563b03ee591555d47daf55e6df060aa8ca0c42c3912dffb49774b0
Instruction ID: 03563a3cb74ffd5951cc9a3556bca21ad0bd5341492580465a5b6df308134021
Opcode Fuzzy Hash: bee17eca91563b03ee591555d47daf55e6df060aa8ca0c42c3912dffb49774b0
Instruction Fuzzy Hash: 4741A223A38A4181DB60CF26E4443AAA7A0FB98B84F854171EE4DC77A8DF3DE441C750

Function 00007FF67A408F98 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

_set_errno_from_matherr.LIBCMT ref: 00007FF67A408FEC
_set_errno_from_matherr.LIBCMT ref: 00007FF67A409059

Strings

exp, xrefs: 00007FF67A408FC7

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: _set_errno_from_matherr
String ID: exp
API String ID: 1187470696-113136155
Opcode ID: 4150a5858f8c1529622c9a3be3afac75e5a34536c3a73a8c8f4fb5056da0edb7
Instruction ID: 1f772b751eb24cc1c9014e2d9fa489630135a81c93f69f1a6870a31f95766d8a
Opcode Fuzzy Hash: 4150a5858f8c1529622c9a3be3afac75e5a34536c3a73a8c8f4fb5056da0edb7
Instruction Fuzzy Hash: 4E214637E24A158EE740CF79D8402AE33B0FB58348F4015B9FA0DA2B5ADF39E5419B40

Function 00007FF67A418404 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF67A41CE76), ref: 00007FF67A418448
RaiseException.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF67A41CE76), ref: 00007FF67A41848E

Strings

csm, xrefs: 00007FF67A41847B

Memory Dump Source

Source File: 00000000.00000002.1961095305.00007FF67A361000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF67A360000, based on PE: true

Associated: 00000000.00000002.1961072653.00007FF67A360000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961182946.00007FF67A438000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961218781.00007FF67A464000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961240104.00007FF67A466000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961261597.00007FF67A469000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1961290171.00007FF67A46D000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff67a360000_file.jbxd

Similarity

API ID: ExceptionFileHeaderRaise
String ID: csm
API String ID: 2573137834-1018135373
Opcode ID: 16aa976642c7796b59811f77f3d663cd3a8b54534e2f5bb095776f4baf69a92e
Instruction ID: e9a7cea6305d010e7cca4ef54c16a091c4c65265dd30a174c5e1796fc4bb1ccf
Opcode Fuzzy Hash: 16aa976642c7796b59811f77f3d663cd3a8b54534e2f5bb095776f4baf69a92e
Instruction Fuzzy Hash: B5111233618B4182EB518F26E440269B7A5FB84B99F284271DFCD47768EF3DD561CB40

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A3D1CF0 CryptUnprotectData,LocalFree,		0_2_00007FF67A3D1CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF67A397C80 CryptUnprotectData,LocalFree,_invalid_parameter_noinfo_noreturn,		0_2_00007FF67A397C80

Source: Network traffic	Suricata IDS: 2049441 - Severity 1 - ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt : 192.168.2.4:49730 -> 176.124.204.206:15666
Source: Network traffic	Suricata IDS: 2050806 - Severity 1 - ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 : 192.168.2.4:49730 -> 176.124.204.206:15666
Source: Network traffic	Suricata IDS: 2050807 - Severity 1 - ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) : 192.168.2.4:49730 -> 176.124.204.206:15666

Source: Joe Sandbox View	IP Address: 172.67.74.152 172.67.74.152
Source: Joe Sandbox View	IP Address: 172.67.74.152 172.67.74.152

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org

Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

DNS Queries

DNS Answers

HTTPS Proxied Packets

Statistics

Windows Analysis Report
file.exe

Function 00007FF67A3E9310 Relevance: 59.9, APIs: 33, Strings: 1, Instructions: 374
windowCOMMON

Function 00007FF67A3EBA60 Relevance: 50.4, APIs: 19, Strings: 9, Instructions: 1387
COMMON

Function 00007FF67A3D77F0 Relevance: 39.1, APIs: 18, Strings: 4, Instructions: 585
COMMON

Function 00007FF67A39D510 Relevance: 35.9, APIs: 17, Strings: 3, Instructions: 864
libraryloaderCOMMON

Function 00007FF67A3C1A80 Relevance: 28.6, APIs: 11, Strings: 5, Instructions: 571
COMMON

Function 00007FF67A41C138 Relevance: 27.2, APIs: 18, Instructions: 229
fileCOMMON

Function 00007FF67A39C9C0 Relevance: 21.7, APIs: 11, Strings: 1, Instructions: 668
COMMON

Function 00007FF67A3F2150 Relevance: 21.4, APIs: 11, Strings: 1, Instructions: 421
COMMON

Function 00007FF67A3E8210 Relevance: 19.9, APIs: 13, Instructions: 431
networkCOMMON

Function 00007FF67A3E8A50 Relevance: 19.6, APIs: 10, Strings: 1, Instructions: 377
networkfileCOMMON

Function 00007FF67A39E5A0 Relevance: 16.1, APIs: 8, Strings: 1, Instructions: 324
processCOMMON

Function 00007FF67A3E1B00 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 192
windowCOMMON

Function 00007FF67A3E3030 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 193
networkCOMMON

Function 00007FF67A3EB136 Relevance: 16.9, APIs: 11, Instructions: 377
COMMON

Function 00007FF67A3C14C0 Relevance: 16.0, APIs: 4, Strings: 5, Instructions: 225
COMMON

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre