Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1521588
MD5:	de030225e0b09c45241b8169a8a96155
SHA1:	bf568cfc34b708da4e740b13e91058d3a241fdd9
SHA256:	85d96a1ba8fa7426e48bcf430d305c6e4764db53fb86abbe53d9b80c5e474e72
Tags:	exex64user-jstrosch
Infos:

Detection

CredGrabber, Meduza Stealer

Score:	96
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected CredGrabber

Yara detected Meduza Stealer

AI detected suspicious sample

Found many strings related to Crypto-Wallets (likely being stolen)

Machine Learning detection for sample

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to steal Mail credentials (via file / registry access)

Contains functionality to access loader functionality (e.g. LdrGetProcedureAddress)

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to check if a debugger is running (OutputDebugString,GetLastError)

Contains functionality to dynamically determine API calls

Contains functionality to query locales information (e.g. system language)

Contains functionality to record screenshots

Detected TCP or UDP traffic on non-standard ports

Detected potential crypto function

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

JA3 SSL client fingerprint seen in connection with other malware

May check the online IP address of the machine

PE file contains sections with non-standard names

Queries the volume information (name, serial number etc) of a device

Queries time zone information

Terminates after testing mutex exists (may check infected machine status)

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 2064 cmdline: "C:\Users\user\Desktop\file.exe" MD5: DE030225E0B09C45241B8169A8A96155)

cleanup

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.2599494351.000001EA4B76A000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
Process Memory Space: file.exe PID: 2064	JoeSecurity_MeduzaStealer	Yara detected Meduza Stealer	Joe Security
Process Memory Space: file.exe PID: 2064	JoeSecurity_CredGrabber	Yara detected CredGrabber	Joe Security
Process Memory Space: file.exe PID: 2064	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security

Suricata Signatures

ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-29T00:53:22.368592+0200	2049441	1	A Network Trojan was detected	192.168.2.7	49704	176.124.204.206	15666	TCP

ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-29T00:53:22.368592+0200	2050806	1	A Network Trojan was detected	192.168.2.7	49704	176.124.204.206	15666	TCP
2024-09-29T00:53:22.375741+0200	2050806	1	A Network Trojan was detected	192.168.2.7	49704	176.124.204.206	15666	TCP

ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-09-29T00:53:22.368592+0200	2050807	1	A Network Trojan was detected	192.168.2.7	49704	176.124.204.206	15666	TCP
2024-09-29T00:53:22.375741+0200	2050807	1	A Network Trojan was detected	192.168.2.7	49704	176.124.204.206	15666	TCP

Code function: 0_2_00007FF763358400 InternetOpenA,InternetOpenUrlA,HttpQueryInfoW,HttpQueryInfoW,InternetQueryDataAvailable,InternetReadFile,InternetQueryDataAvailable,InternetCloseHandle,_invalid_parameter_noinfo_noreturn,Concurrency::cancel_current_task,

0_2_00007FF763358400

Source: global traffic

HTTP traffic detected: GET / HTTP/1.1Accept: text/html; text/plain; */*Host: api.ipify.orgCache-Control: no-cache

Source: global traffic	DNS traffic detected: DNS query: time.windows.com
Source: global traffic	DNS traffic detected: DNS query: api.ipify.org

Source: file.exe, 00000000.00000003.1369057073.000001EA4B82D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2599494351.000001EA4B7EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://crl.m
Source: file.exe, 00000000.00000003.1368512194.000001EA4DFB1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2600221699.000001EA4DFC0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ns.microsoft.t/Regi
Source: file.exe, 00000000.00000002.2599494351.000001EA4B76A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org
Source: file.exe, 00000000.00000002.2599494351.000001EA4B7AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org/
Source: file.exe, 00000000.00000003.1369125819.000001EA4B7C8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2599494351.000001EA4B7AF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://api.ipify.org/~
Source: file.exe, 00000000.00000003.1387286065.000001EA4E0B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.
Source: file.exe, 00000000.00000003.1387286065.000001EA4E0B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta
Source: file.exe, 00000000.00000003.1374444105.000001EA4E0F3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000003.1386227021.000001EA4E280000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1387286065.000001EA4E107000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1387286065.000001EA4E0B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
Source: file.exe, 00000000.00000003.1387286065.000001EA4E0B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000003.1387286065.000001EA4E0B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e
Source: file.exe, 00000000.00000003.1381574540.000001EA4D643000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381574540.000001EA4D570000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1383468297.000001EA4E5D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381574540.000001EA4D578000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381574540.000001EA4D64B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1386227021.000001EA4E18D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org
Source: file.exe, 00000000.00000003.1381574540.000001EA4D57F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: file.exe, 00000000.00000003.1381574540.000001EA4D57F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK
Source: file.exe, 00000000.00000003.1387286065.000001EA4E0B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0
Source: file.exe, 00000000.00000003.1387286065.000001EA4E0B3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
Source: file.exe, 00000000.00000003.1381574540.000001EA4D643000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381574540.000001EA4D570000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1383468297.000001EA4E5D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381574540.000001EA4D578000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381574540.000001EA4D64B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1386227021.000001EA4E18D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000003.1381574540.000001EA4D57F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.jXqaKJMO4ZEP
Source: file.exe, 00000000.00000003.1381574540.000001EA4D57F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.NYz0wxyUaYSW
Source: file.exe, 00000000.00000003.1381574540.000001EA4D653000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1383468297.000001EA4E5D9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381574540.000001EA4D57F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/gro.allizom.www.d
Source: file.exe, 00000000.00000003.1381574540.000001EA4D57F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.1381574540.000001EA4D653000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1383468297.000001EA4E5D9000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381574540.000001EA4D57F000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705

Source: unknown

HTTPS traffic detected: 104.26.13.205:443 -> 192.168.2.7:49705 version: TLS 1.2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF763358CC0 GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetSystemMetrics,GetDC,GetDeviceCaps,GetDeviceCaps,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,BitBlt,SHCreateMemStream,SelectObject,DeleteDC,ReleaseDC,DeleteObject,EnterCriticalSection,LeaveCriticalSection,GetObjectW,IStream_Size,IStream_Reset,IStream_Read,SelectObject,DeleteDC,ReleaseDC,DeleteObject,DeleteObject,EnterCriticalSection,EnterCriticalSection,GdiplusShutdown,LeaveCriticalSection,LeaveCriticalSection,_invalid_parameter_noinfo_noreturn,

0_2_00007FF763358CC0

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76335D700 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,_invalid_parameter_noinfo_noreturn,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,		0_2_00007FF76335D700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76335CFC0 GetModuleHandleA,GetProcAddress,OpenProcess,NtQuerySystemInformation,NtQuerySystemInformation,GetCurrentProcess,NtQueryObject,GetFinalPathNameByHandleA,CloseHandle,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,		0_2_00007FF76335CFC0

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763360440	0_2_00007FF763360440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76332E4E0	0_2_00007FF76332E4E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76330D510	0_2_00007FF76330D510
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763358400	0_2_00007FF763358400
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76335B410	0_2_00007FF76335B410
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF7633012C0	0_2_00007FF7633012C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF7633471A0	0_2_00007FF7633471A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF7633518D0	0_2_00007FF7633518D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76335A760	0_2_00007FF76335A760
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF7633796B8	0_2_00007FF7633796B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76330E5A0	0_2_00007FF76330E5A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76330EC50	0_2_00007FF76330EC50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763352D10	0_2_00007FF763352D10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763358CC0	0_2_00007FF763358CC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763300BD0	0_2_00007FF763300BD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763357BC0	0_2_00007FF763357BC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76335FA58	0_2_00007FF76335FA58
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763331A80	0_2_00007FF763331A80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76338BAE8	0_2_00007FF76338BAE8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76332BAF0	0_2_00007FF76332BAF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763361B00	0_2_00007FF763361B00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763359960	0_2_00007FF763359960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76330C9C0	0_2_00007FF76330C9C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF7633140B0	0_2_00007FF7633140B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763375EB4	0_2_00007FF763375EB4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763301D4E	0_2_00007FF763301D4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76336D474	0_2_00007FF76336D474
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76331E419	0_2_00007FF76331E419
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF7632D6480	0_2_00007FF7632D6480
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76331C4E0	0_2_00007FF76331C4E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76338E500	0_2_00007FF76338E500
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF7633714C4	0_2_00007FF7633714C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76334F370	0_2_00007FF76334F370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76336E354	0_2_00007FF76336E354
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76333D260	0_2_00007FF76333D260
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76336D28C	0_2_00007FF76336D28C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763335220	0_2_00007FF763335220
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763340180	0_2_00007FF763340180
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763356123	0_2_00007FF763356123
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763356133	0_2_00007FF763356133
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763380824	0_2_00007FF763380824
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76333F820	0_2_00007FF76333F820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF7633448A0	0_2_00007FF7633448A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF7632D6900	0_2_00007FF7632D6900
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76333D8B0	0_2_00007FF76333D8B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF7633018F0	0_2_00007FF7633018F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763346720	0_2_00007FF763346720
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF7632F6770	0_2_00007FF7632F6770
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF7632F9760	0_2_00007FF7632F9760
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF7632F77B0	0_2_00007FF7632F77B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76336B7B0	0_2_00007FF76336B7B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76337765C	0_2_00007FF76337765C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763343670	0_2_00007FF763343670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76335D700	0_2_00007FF76335D700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763393570	0_2_00007FF763393570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76333D590	0_2_00007FF76333D590
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF7633785DC	0_2_00007FF7633785DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763339600	0_2_00007FF763339600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763347C20	0_2_00007FF763347C20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF7632FACA0	0_2_00007FF7632FACA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763350CA0	0_2_00007FF763350CA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76331CB90	0_2_00007FF76331CB90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763376B2C	0_2_00007FF763376B2C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76333DBD0	0_2_00007FF76333DBD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763309A59	0_2_00007FF763309A59
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76335DA50	0_2_00007FF76335DA50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76336DABC	0_2_00007FF76336DABC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76338E980	0_2_00007FF76338E980
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763348980	0_2_00007FF763348980
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763379934	0_2_00007FF763379934
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763346080	0_2_00007FF763346080
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF7632D60C0	0_2_00007FF7632D60C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF7633200ED	0_2_00007FF7633200ED
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763352100	0_2_00007FF763352100
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76336D0A4	0_2_00007FF76336D0A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76333CF60	0_2_00007FF76333CF60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763326F70	0_2_00007FF763326F70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763353F80	0_2_00007FF763353F80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763376FDC	0_2_00007FF763376FDC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF7632D7010	0_2_00007FF7632D7010
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76334EFD0	0_2_00007FF76334EFD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76336DE4C	0_2_00007FF76336DE4C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76333FE50	0_2_00007FF76333FE50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763307ED0	0_2_00007FF763307ED0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76330BEE0	0_2_00007FF76330BEE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76333DF00	0_2_00007FF76333DF00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76332AF00	0_2_00007FF76332AF00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763379EBC	0_2_00007FF763379EBC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763377D88	0_2_00007FF763377D88
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76330AE00	0_2_00007FF76330AE00

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FF763301D20 appears 84 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FF7632FD510 appears 63 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 00007FF763306990 appears 41 times

Source: classification engine

Classification label: mal96.troj.spyw.winEXE@1/0@2/2

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF76330E5A0 CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,

0_2_00007FF76330E5A0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF76333F820 CoInitializeEx,CoInitializeSecurity,CoCreateInstance,CoSetProxyBlanket,SysAllocStringByteLen,SysFreeString,SysAllocStringByteLen,SysFreeString,SysStringByteLen,SysFreeString,SysFreeString,SysStringByteLen,SysFreeString,SysFreeString,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,

0_2_00007FF76333F820

Source: C:\Users\user\Desktop\file.exe

Mutant created: \Sessions\1\BaseNamedObjects\Mmm-A33C734061CA11EE8C18806E6F6E6963E1BD36C7

Source: file.exe

Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

ReversingLabs: Detection: 36%

Source: file.exe	String found in binary or memory: --help
Source: file.exe	String found in binary or memory: --help
Source: file.exe	String found in binary or memory: --help
Source: file.exe	String found in binary or memory: --help
Source: file.exe	String found in binary or memory: ipportgrabber_max_sizeextensionslinksbuild_nameself_destructtype must be boolean, but is type must be number, but is 0123456789ABCDEFntdll.dllFile DownloaderabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;'runasopen bad variant accessfalsetrueBad any_cast[VAR... , [default: [required][nargs: or more] ..[nargs= to or more provided. argument(s) expected. : required.: no value provided.-=--help-hshows help message and exits--version-vprints version information and exitsNo such argument:
Source: file.exe	String found in binary or memory: ipportgrabber_max_sizeextensionslinksbuild_nameself_destructtype must be boolean, but is type must be number, but is 0123456789ABCDEFntdll.dllFile DownloaderabcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;'runasopen bad variant accessfalsetrueBad any_cast[VAR... , [default: [required][nargs: or more] ..[nargs= to or more provided. argument(s) expected. : required.: no value provided.-=--help-hshows help message and exits--version-vprints version information and exitsNo such argument:

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: fwpuclnt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: schannel.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mskeyprotect.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: gpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncryptsslp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: uxtheme.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windowscodecs.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vaultcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wintypes.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: file.exe

Static PE information: Image base 0x140000000 > 0x60000000

Source: file.exe

Static file information: File size 1116160 > 1048576

Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
Source: file.exe	Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT

Source: file.exe

Static PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE

Source: file.exe

Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG

Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
Source: file.exe	Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF76330D510 LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,FreeLibrary,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,

0_2_00007FF76330D510

Source: file.exe

Static PE information: section name: _RDATA

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76333CBAC push rsp; retf	0_2_00007FF76333CBAD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76333CBB0 push rsp; retf	0_2_00007FF76333CBB1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76333CBB4 push rsp; retf	0_2_00007FF76333CBB5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76333CBB8 push rsp; retf	0_2_00007FF76333CBB9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76333CBBC push rsp; retf	0_2_00007FF76333CBBD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76333CBC0 push rsp; retf	0_2_00007FF76333CBC1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76333CBC4 push rsp; retf	0_2_00007FF76333CBC5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76333CB00 push rsp; retf	0_2_00007FF76333CBA1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF7633471A0 _invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,ExitProcess,ExitProcess,OpenMutexA,ExitProcess,CreateMutexExA,ExitProcess,ReleaseMutex,CloseHandle,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,

0_2_00007FF7633471A0

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76338BA38 FindClose,FindFirstFileExW,GetLastError,		0_2_00007FF76338BA38
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF76338BAE8 GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,__std_fs_open_handle,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,GetFileInformationByHandleEx,GetLastError,CloseHandle,CloseHandle,CloseHandle,		0_2_00007FF76338BAE8

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF76335A4B0 GetLogicalDriveStringsW,_invalid_parameter_noinfo_noreturn,_invalid_parameter_noinfo_noreturn,

0_2_00007FF76335A4B0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF76336FBD0 VirtualQuery,GetSystemInfo,VirtualAlloc,VirtualProtect,

0_2_00007FF76336FBD0

Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\migration\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\replacementmanifests\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\migration\wtr\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\replacementmanifests\microsoft-activedirectory-webservices\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\replacementmanifests\microsoft-client-license-platform-service-migration\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: D:\sources\replacementmanifests\hwvid-migration-2\	Jump to behavior

Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696492231p
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU WestVMware20,11696492231n
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696492231}
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.co.inVMware20,11696492231d
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: netportal.hdfcbank.comVMware20,11696492231
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office.comVMware20,11696492231s
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696492231
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: AMC password management pageVMware20,11696492231
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: interactivebrokers.comVMware20,11696492231
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: microsoft.visualstudio.comVMware20,11696492231x
Source: file.exe, 00000000.00000003.1369125819.000001EA4B7C8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2599494351.000001EA4B7AF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696492231
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231^
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Test URL for global passwords blocklistVMware20,11696492231
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: outlook.office365.comVMware20,11696492231t
Source: file.exe, 00000000.00000003.1369125819.000001EA4B7C8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2599494351.000001EA4B7AF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW^
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696492231z
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: discord.comVMware20,11696492231f
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: global block list test formVMware20,11696492231
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: dev.azure.comVMware20,11696492231j
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.comVMware20,11696492231}
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: www.interactivebrokers.co.inVMware20,11696492231~
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: bankofamerica.comVMware20,11696492231x
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: trackpan.utiitsl.comVMware20,11696492231h
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: tasks.office.comVMware20,11696492231o
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: account.microsoft.com/profileVMware20,11696492231u
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Change Transaction PasswordVMware20,11696492231
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696492231
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: ms.portal.azure.comVMware20,11696492231
Source: file.exe, 00000000.00000002.2599494351.000001EA4B76A000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWp(~K
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: turbotax.intuit.comVMware20,11696492231t
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: secure.bankofamerica.comVMware20,11696492231\|UE
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Canara Transaction PasswordVMware20,11696492231x
Source: file.exe, 00000000.00000003.1376275414.000001EA4E1F9000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Interactive Brokers - HKVMware20,11696492231]

Source: C:\Users\user\Desktop\file.exe

API call chain: ExitProcess graph end node

graph_0-69077

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF76335D700 RtlAcquirePebLock,NtAllocateVirtualMemory,lstrcpyW,lstrcatW,NtAllocateVirtualMemory,lstrcpyW,RtlInitUnicodeString,RtlInitUnicodeString,LdrEnumerateLoadedModules,RtlReleasePebLock,_invalid_parameter_noinfo_noreturn,CoInitializeEx,lstrcpyW,lstrcatW,CoGetObject,lstrcpyW,lstrcatW,CoGetObject,CoUninitialize,

0_2_00007FF76335D700

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF7633683E8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

0_2_00007FF7633683E8

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF76338DC60 GetLastError,IsDebuggerPresent,OutputDebugStringW,

0_2_00007FF76338DC60

Source: C:\Users\user\Desktop\file.exe

0_2_00007FF76330D510

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF7633683E8 RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_00007FF7633683E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763385220 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_00007FF763385220

Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,	0_2_00007FF76337F494
Source: C:\Users\user\Desktop\file.exe	Code function: TranslateName,TranslateName,GetACP,IsValidCodePage,GetLocaleInfoW,	0_2_00007FF76337F148
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoEx,FormatMessageA,	0_2_00007FF76338B634
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,	0_2_00007FF76337F564
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,	0_2_00007FF763374518
Source: C:\Users\user\Desktop\file.exe	Code function: EnumSystemLocalesW,GetUserDefaultLCID,ProcessCodePage,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW,	0_2_00007FF76337FB7C
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,	0_2_00007FF763374A5C
Source: C:\Users\user\Desktop\file.exe	Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP,	0_2_00007FF76337F9A0

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\TimeZoneInformation TimeZoneKeyName

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF763385CD8 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

0_2_00007FF763385CD8

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF763359410 GetUserNameW,

0_2_00007FF763359410

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00007FF76335A760 GetTimeZoneInformation,

0_2_00007FF76335A760

Stealing of Sensitive Information

Yara detected CredGrabber

Source: Yara match

File source: Process Memory Space: file.exe PID: 2064, type: MEMORYSTR

Yara detected Meduza Stealer

Source: Yara match	File source: 00000000.00000002.2599494351.000001EA4B76A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 2064, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe, 00000000.00000002.2599494351.000001EA4B76A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Electrum
Source: file.exe, 00000000.00000002.2599494351.000001EA4B76A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: ElectronCash
Source: file.exe, 00000000.00000002.2599494351.000001EA4B76A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Jaxx Liberty
Source: file.exe, 00000000.00000002.2599494351.000001EA4B76A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Exodus
Source: file.exe, 00000000.00000002.2599494351.000001EA4B76A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Ethereum
Source: file.exe, 00000000.00000002.2599494351.000001EA4B76A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: Ethereum\keystore

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\key4.db	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data For Account	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\000003.log	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENT	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCK	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.old	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676

Jump to behavior

Source: Yara match

File source: Process Memory Space: file.exe PID: 2064, type: MEMORYSTR

Remote Access Functionality

Yara detected CredGrabber

Source: Yara match

File source: Process Memory Space: file.exe PID: 2064, type: MEMORYSTR

Yara detected Meduza Stealer

Source: Yara match	File source: 00000000.00000002.2599494351.000001EA4B76A000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 2064, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	2 Command and Scripting Interpreter	1 DLL Side-Loading	1 DLL Side-Loading	1 Deobfuscate/Decode Files or Information	1 OS Credential Dumping	12 System Time Discovery	Remote Services	1 Screen Capture	21 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	1 Native API	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	2 Obfuscated Files or Information	LSASS Memory	21 Security Software Discovery	Remote Desktop Protocol	1 Email Collection	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 DLL Side-Loading	Security Account Manager	2 Process Discovery	SMB/Windows Admin Shares	1 Archive Collected Data	2 Ingress Tool Transfer	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	1 Account Discovery	Distributed Component Object Model	2 Data from Local System	2 Non-Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	1 System Owner/User Discovery	SSH	Keylogging	3 Application Layer Protocol	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	Steganography	Cached Domain Credentials	1 System Network Configuration Discovery	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	Compile After Delivery	DCSync	3 File and Directory Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	Indicator Removal from Tools	Proc Filesystem	24 System Information Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	37%	ReversingLabs	Win64.Trojan.SpywareX
file.exe	100%	Joe Sandbox ML

Source	Detection	Scanner	Label
https://api.ipify.org/	0%	URL Reputation	safe
https://api.ipify.org	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
api.ipify.org	104.26.13.205	true	false		unknown
time.windows.com	unknown	unknown	false		unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://api.ipify.org/	false	URL Reputation: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_ef0fa27a12d43fbd45649e195429e8a63ddcad7cf7e128c0	file.exe, 00000000.00000003.1387286065.000001EA4E0B3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://api.ipify.org	file.exe, 00000000.00000002.2599494351.000001EA4B76A000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://crl.m	file.exe, 00000000.00000003.1369057073.000001EA4B82D000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2599494351.000001EA4B7EF000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000003.1387286065.000001EA4E0B3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://api.ipify.org/~	file.exe, 00000000.00000003.1369125819.000001EA4B7C8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2599494351.000001EA4B7AF000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u	file.exe, 00000000.00000003.1387286065.000001EA4E0B3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696490019400400000.2&ci=1696490019252.	file.exe, 00000000.00000003.1387286065.000001EA4E0B3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4pqWfpl%2B4pbW4pbWfpbW7ReNxR3UIG8zInwYIFIVs9e	file.exe, 00000000.00000003.1387286065.000001EA4E0B3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg	file.exe, 00000000.00000003.1386227021.000001EA4E280000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1387286065.000001EA4E107000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1387286065.000001EA4E0B3000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000003.1374444105.000001EA4E0F3000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.mozilla.org	file.exe, 00000000.00000003.1381574540.000001EA4D643000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381574540.000001EA4D570000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1383468297.000001EA4E5D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381574540.000001EA4D578000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1381574540.000001EA4D64B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.1386227021.000001EA4E18D000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://ns.microsoft.t/Regi	file.exe, 00000000.00000003.1368512194.000001EA4DFB1000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2600221699.000001EA4DFC0000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	file.exe, 00000000.00000003.1381574540.000001EA4D57F000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.S3DiLP_FhcLK	file.exe, 00000000.00000003.1381574540.000001EA4D57F000.00000004.00000020.00020000.00000000.sdmp	false		unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696490019400400000.1&ci=1696490019252.12791&cta	file.exe, 00000000.00000003.1387286065.000001EA4E0B3000.00000004.00000020.00020000.00000000.sdmp	false		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
176.124.204.206	unknown	Russian Federation		59652	GULFSTREAMUA	true
104.26.13.205	api.ipify.org	United States		13335	CLOUDFLARENETUS	false

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1521588
Start date and time:	2024-09-29 00:52:10 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 30s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal96.troj.spyw.winEXE@1/0@2/2
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 97% Number of executed functions: 86 Number of non-executed functions: 112
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 20.101.57.9
Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, twc.trafficmanager.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size exceeded maximum capacity and may have missing network information.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtQueryValueKey calls found.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
176.124.204.206	file.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	file.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	file.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	file.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
	mSLEwIfTGL.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse
104.26.13.205	file.exe	Get hash	malicious	LummaC, PrivateLoader, Stealc, Vidar	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	api.ipify.org/
	file.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Stealc, Vidar	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	api.ipify.org/
	SecuriteInfo.com.Win64.Evo-gen.13899.14592.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, Vidar	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	api.ipify.org/
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	api.ipify.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
api.ipify.org	https://meta.com-case5173251.com/help/contact/500498727349033	Get hash	malicious	Unknown	Browse	104.26.12.205
	https://meta.com-case5173251.com/help/contact/424744076261560	Get hash	malicious	Unknown	Browse	104.26.13.205
	Balance payment.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	http://glamorous-productive-baboon.glitch.me/	Get hash	malicious	Unknown	Browse	172.67.74.152
	http://zld.byd.mybluehost.me/	Get hash	malicious	Unknown	Browse	104.26.13.205
	file.exe	Get hash	malicious	LummaC, PrivateLoader, Stealc, Vidar	Browse	104.26.13.205
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	172.67.74.152
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	104.26.13.205
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Stealc, Vidar	Browse	172.67.74.152
	file.exe	Get hash	malicious	LummaC, RDPWrap Tool, LummaC Stealer, Vidar	Browse	172.67.74.152

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	https://btinternet-105262.weeblysite.com/	Get hash	malicious	Unknown	Browse	104.18.86.42
	https://swiftversedapp.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	Full-Setup.exe	Get hash	malicious	LummaC	Browse	104.21.4.136
	https://ardam.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	http://krakennylog.gitbook.io/	Get hash	malicious	HTMLPhisher	Browse	104.16.117.116
	https://dappnoderestore.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	188.114.96.3
	http://nftpack83.vercel.app/	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	http://coin-pro-base-login.gitbook.io/	Get hash	malicious	HTMLPhisher	Browse	172.64.147.209
	http://nfthit7.vercel.app/	Get hash	malicious	HTMLPhisher	Browse	104.18.18.237
	https://server.h74w.com/invite/84350172	Get hash	malicious	Unknown	Browse	104.21.52.99
GULFSTREAMUA	file.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	176.124.204.206
	file.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	176.124.204.206
	file.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	176.124.204.206
	file.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	176.124.204.206
	mSLEwIfTGL.exe	Get hash	malicious	CredGrabber, Meduza Stealer	Browse	176.124.204.206
	https://darlin.com.au/	Get hash	malicious	Unknown	Browse	176.124.222.157
	LisectAVT_2403002A_415.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	176.124.220.79
	qObijSd3Uj.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	176.124.220.79
	zqixOh6Ktr.exe	Get hash	malicious	DCRat, PureLog Stealer, zgRAT	Browse	176.124.192.196
	FaOty5cPp0.elf	Get hash	malicious	Unknown	Browse	176.124.192.196

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
37f463bf4616ecd445d4a1937da06e19	file.exe	Get hash	malicious	LummaC, Vidar	Browse	104.26.13.205
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse	104.26.13.205
	file.exe	Get hash	malicious	Vidar	Browse	104.26.13.205
	file.exe	Get hash	malicious	LummaC, Clipboard Hijacker, Cryptbot, LummaC Stealer, Neoreklami, Socks5Systemz	Browse	104.26.13.205
	CpMQGUserR.exe	Get hash	malicious	Unknown	Browse	104.26.13.205
	Installer.msi	Get hash	malicious	Unknown	Browse	104.26.13.205
	CpMQGUserR.exe	Get hash	malicious	Unknown	Browse	104.26.13.205
	file.exe	Get hash	malicious	Remcos, GuLoader	Browse	104.26.13.205
	New_Order-Rquest_Quotation_Specifications_Drawings_Samplespdf.bat.exe	Get hash	malicious	Remcos, GuLoader	Browse	104.26.13.205
	PO-2609202412666 PNG2023-W101_pdf.bat.exe	Get hash	malicious	Remcos, GuLoader	Browse	104.26.13.205

File type:	PE32+ executable (GUI) x86-64, for MS Windows
Entropy (8bit):	6.387884182537466
TrID:	Win64 Executable GUI (202006/5) 92.65% Win64 Executable (generic) (12005/4) 5.51% Generic Win/DOS Executable (2004/3) 0.92% DOS Executable Generic (2002/1) 0.92% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'116'160 bytes
MD5:	de030225e0b09c45241b8169a8a96155
SHA1:	bf568cfc34b708da4e740b13e91058d3a241fdd9
SHA256:	85d96a1ba8fa7426e48bcf430d305c6e4764db53fb86abbe53d9b80c5e474e72
SHA512:	b1bf29226496e95f7959e1536cbb8346d224a0e9f8a8b241195684eb4639a96898308d2b2771d6567700a0187f79c9ece12094865666df78136c60581d90b1dd
SSDEEP:	24576:Al73m7L8JyNMqJUUvYo9lsnL2iq47DSuH7GJ/i+kG3O:E3m7L8YMquUvf8L2iq4a2GJaC+
TLSH:	C9354A151D5D02EDD4BE817C8E5A9A12F63638460371A7EB16D187523FA3BE0AF3E720
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......:%~.~D.R~D.R~D.R.6.S.D.R.6.S.D.R.:.S!D.R.:.SoD.R.:.SvD.R.6.S.D.R.6.SrD.R.6.ShD.R~D.RgE.R.6.ScD.Rj;.SqD.Rj;.R.D.Rj;.S.D.RRich~D.

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0x1400b5714
Entrypoint Section:	.text
Digitally signed:	false
Imagebase:	0x140000000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE
DLL Characteristics:	HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F81FDF [Sat Sep 28 15:25:19 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	6
OS Version Minor:	0
File Version Major:	6
File Version Minor:	0
Subsystem Version Major:	6
Subsystem Version Minor:	0
Import Hash:	2c34752585cf27cdff9273031768b19e

Entrypoint Preview

Instruction
dec eax
sub esp, 28h
call 00007F93B4CF97B0h
dec eax
add esp, 28h
jmp 00007F93B4CF906Fh
int3
int3
and dword ptr [00055831h], 00000000h
ret
dec eax
mov dword ptr [esp+08h], ebx
push ebp
dec eax
lea ebp, dword ptr [esp-000004C0h]
dec eax
sub esp, 000005C0h
mov ebx, ecx
mov ecx, 00000017h
call dword ptr [00022B5Eh]
test eax, eax
je 00007F93B4CF91F6h
mov ecx, ebx
int 29h
mov ecx, 00000003h
call 00007F93B4CF91B9h
xor edx, edx
dec eax
lea ecx, dword ptr [ebp-10h]
inc ecx
mov eax, 000004D0h
call 00007F93B4CFB020h
dec eax
lea ecx, dword ptr [ebp-10h]
call dword ptr [00022B01h]
dec eax
mov ebx, dword ptr [ebp+000000E8h]
dec eax
lea edx, dword ptr [ebp+000004D8h]
dec eax
mov ecx, ebx
inc ebp
xor eax, eax
call dword ptr [00022AEFh]
dec eax
test eax, eax
je 00007F93B4CF922Eh
dec eax
and dword ptr [esp+38h], 00000000h
dec eax
lea ecx, dword ptr [ebp+000004E0h]
dec eax
mov edx, dword ptr [ebp+000004D8h]
dec esp
mov ecx, eax
dec eax
mov dword ptr [esp+30h], ecx
dec esp
mov eax, ebx
dec eax
lea ecx, dword ptr [ebp+000004E8h]
dec eax
mov dword ptr [esp+28h], ecx
dec eax
lea ecx, dword ptr [ebp-10h]
dec eax
mov dword ptr [esp+20h], ecx
xor ecx, ecx
call dword ptr [00022AB6h]
dec eax

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x101ec8	0x12c	.rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x115000	0x1e0	.rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x10d000	0x6f90	.pdata
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x116000	0xd64	.reloc
IMAGE_DIRECTORY_ENTRY_DEBUG	0xeb6f0	0x38	.rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0xeb780	0x28	.rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0xeb5b0	0x140	.rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0xd8000	0x728	.rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
.text	0x1000	0xd680c	0xd6a00	f1601782b52c4cb431ea0417c6f96ab8	False	0.429264341875364	zlib compressed data	6.324100274082822	IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata	0xd8000	0x2b668	0x2b800	6dc9f09c9ccb0ebc4a2dab62b6e18fd7	False	0.4740312948994253	data	5.695115421644324	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data	0x104000	0x85a4	0x6000	5fbcdd9847679f1c63be9c85e41b833e	False	0.08390299479166667	data	4.559223452785583	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.pdata	0x10d000	0x6f90	0x7000	f381a8535b726f61cfa0a09a9a2be008	False	0.48440987723214285	data	6.038027055538376	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
_RDATA	0x114000	0x15c	0x200	3e44d45ac99d1dc88510f7cf5192f4a0	False	0.412109375	data	3.3233506391074092	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc	0x115000	0x1e0	0x200	da9e8769aa702da1ca0713d6a0336d18	False	0.529296875	data	4.7122981932940915	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc	0x116000	0xd64	0xe00	9d956dede158c1086b11601644b09e1f	False	0.482421875	data	5.357547607987294	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

Resources

Name	RVA	Size	Type	Language	Country	ZLIB Complexity
RT_MANIFEST	0x115060	0x17d	XML 1.0 document, ASCII text, with CRLF line terminators	English	United States	0.5931758530183727

Imports

DLL	Import
WS2_32.dll	inet_pton, WSAStartup, send, socket, connect, recv, closesocket, htons, WSACleanup
CRYPT32.dll	CryptUnprotectData
WININET.dll	HttpQueryInfoW, InternetQueryDataAvailable, InternetReadFile, InternetCloseHandle, InternetOpenW, InternetOpenA, InternetOpenUrlA
ntdll.dll	NtQuerySystemInformation, RtlInitUnicodeString, NtAllocateVirtualMemory, LdrEnumerateLoadedModules, RtlAcquirePebLock, RtlReleasePebLock, NtQueryObject
RstrtMgr.DLL	RmGetList, RmStartSession, RmRegisterResources, RmEndSession
KERNEL32.dll	CompareStringEx, LCMapStringEx, FindFirstFileW, FindNextFileW, FindClose, OpenProcess, CreateToolhelp32Snapshot, Process32NextW, LoadLibraryA, Process32FirstW, CloseHandle, GetSystemInfo, GetProcAddress, LocalFree, FreeLibrary, ExitProcess, MultiByteToWideChar, WideCharToMultiByte, TerminateProcess, GetModuleFileNameW, CreateMutexA, ReleaseMutex, OpenMutexA, ReadFile, GetModuleFileNameA, GetVolumeInformationW, SetHandleInformation, GetGeoInfoA, HeapFree, EnterCriticalSection, GetCurrentProcess, GetStdHandle, GetProcessId, LeaveCriticalSection, CreatePipe, SetFilePointer, InitializeCriticalSectionEx, FreeEnvironmentStringsW, GetModuleHandleA, HeapSize, GetLogicalDriveStringsW, GetFinalPathNameByHandleA, GetTimeZoneInformation, GetLastError, lstrcatW, HeapReAlloc, HeapAlloc, GetUserGeoID, DecodePointer, GetFileSize, DeleteCriticalSection, GetComputerNameW, GetProcessHeap, GlobalMemoryStatusEx, GetModuleHandleW, lstrcpyW, SetLastError, RtlCaptureContext, RtlLookupFunctionEntry, RtlVirtualUnwind, IsDebuggerPresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsProcessorFeaturePresent, GetCurrentProcessId, GetSystemTimeAsFileTime, GetModuleHandleExW, GetCommandLineA, GetCommandLineW, VirtualAlloc, VirtualProtect, VirtualQuery, GetFileSizeEx, SetFilePointerEx, GetCurrentThreadId, GetFileType, GetStartupInfoW, FlushFileBuffers, WriteFile, GetConsoleOutputCP, GetConsoleMode, FlsAlloc, FlsGetValue, FlsSetValue, FlsFree, InitializeCriticalSectionAndSpinCount, LoadLibraryExW, GetDateFormatW, GetTimeFormatW, CompareStringW, LCMapStringW, GetLocaleInfoW, IsValidLocale, GetUserDefaultLCID, EnumSystemLocalesW, ReadConsoleW, RaiseException, SetStdHandle, IsValidCodePage, GetACP, SetEndOfFile, GetCPInfo, GetStringTypeW, CreateFileW, WriteConsoleW, OutputDebugStringW, SetEnvironmentVariableW, SetEvent, ResetEvent, WaitForSingleObjectEx, CreateEventW, QueryPerformanceCounter, InitializeSListHead, RtlUnwindEx, RtlUnwind, RtlPcToFileHeader, EncodePointer, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, GetNativeSystemInfo, GetFileInformationByHandleEx, GetEnvironmentStringsW, CreateProcessA, GetOEMCP, AreFileApisANSI, GetTempPathW, SetFileInformationByHandle, GetFileAttributesExW, GetFileAttributesW, FindFirstFileExW, GetCurrentDirectoryW, GetLocaleInfoEx, FormatMessageA
USER32.dll	EnumDisplayDevicesW, GetDesktopWindow, GetWindowRect, ReleaseDC, GetSystemMetrics, GetDC
GDI32.dll	CreateCompatibleBitmap, SelectObject, CreateCompatibleDC, BitBlt, DeleteDC, GetObjectW, DeleteObject, GetDeviceCaps
ADVAPI32.dll	GetCurrentHwProfileW, RegCloseKey, RegGetValueA, RegQueryValueExA, OpenProcessToken, RegOpenKeyExA, GetUserNameW, RegEnumKeyExA, GetTokenInformation, CredEnumerateA, CredFree
SHELL32.dll	SHGetKnownFolderPath, ShellExecuteW
ole32.dll	CoInitializeSecurity, CoGetObject, CoTaskMemFree, CoUninitialize, CoCreateInstance, CoSetProxyBlanket, CoInitializeEx
OLEAUT32.dll	SysAllocStringByteLen, SysFreeString, SysStringByteLen
SHLWAPI.dll
gdiplus.dll	GdipSaveImageToStream, GdipGetImageEncodersSize, GdipFree, GdiplusStartup, GdiplusShutdown, GdipGetImageEncoders, GdipCloneImage, GdipAlloc, GdipCreateBitmapFromHBITMAP, GdipDisposeImage, GdipCreateBitmapFromScan0

Possible Origin

Language of compilation system	Country where language is spoken	Map
English	United States

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-09-29T00:53:22.368592+0200	2049441	ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt	1	192.168.2.7	49704	176.124.204.206	15666	TCP
2024-09-29T00:53:22.368592+0200	2050806	ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2	1	192.168.2.7	49704	176.124.204.206	15666	TCP
2024-09-29T00:53:22.368592+0200	2050807	ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)	1	192.168.2.7	49704	176.124.204.206	15666	TCP
2024-09-29T00:53:22.375741+0200	2050806	ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2	1	192.168.2.7	49704	176.124.204.206	15666	TCP
2024-09-29T00:53:22.375741+0200	2050807	ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP)	1	192.168.2.7	49704	176.124.204.206	15666	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 29, 2024 00:53:17.022834063 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:17.030420065 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:17.030564070 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:17.566451073 CEST	49705	443	192.168.2.7	104.26.13.205
Sep 29, 2024 00:53:17.566509008 CEST	443	49705	104.26.13.205	192.168.2.7
Sep 29, 2024 00:53:17.566602945 CEST	49705	443	192.168.2.7	104.26.13.205
Sep 29, 2024 00:53:17.578805923 CEST	49705	443	192.168.2.7	104.26.13.205
Sep 29, 2024 00:53:17.578845978 CEST	443	49705	104.26.13.205	192.168.2.7
Sep 29, 2024 00:53:18.053302050 CEST	443	49705	104.26.13.205	192.168.2.7
Sep 29, 2024 00:53:18.053446054 CEST	49705	443	192.168.2.7	104.26.13.205
Sep 29, 2024 00:53:18.127844095 CEST	49705	443	192.168.2.7	104.26.13.205
Sep 29, 2024 00:53:18.127882004 CEST	443	49705	104.26.13.205	192.168.2.7
Sep 29, 2024 00:53:18.128230095 CEST	443	49705	104.26.13.205	192.168.2.7
Sep 29, 2024 00:53:18.128312111 CEST	49705	443	192.168.2.7	104.26.13.205
Sep 29, 2024 00:53:18.129591942 CEST	49705	443	192.168.2.7	104.26.13.205
Sep 29, 2024 00:53:18.175412893 CEST	443	49705	104.26.13.205	192.168.2.7
Sep 29, 2024 00:53:18.240852118 CEST	443	49705	104.26.13.205	192.168.2.7
Sep 29, 2024 00:53:18.240925074 CEST	443	49705	104.26.13.205	192.168.2.7
Sep 29, 2024 00:53:18.240946054 CEST	49705	443	192.168.2.7	104.26.13.205
Sep 29, 2024 00:53:18.240978003 CEST	49705	443	192.168.2.7	104.26.13.205
Sep 29, 2024 00:53:18.241285086 CEST	49705	443	192.168.2.7	104.26.13.205
Sep 29, 2024 00:53:18.241311073 CEST	443	49705	104.26.13.205	192.168.2.7
Sep 29, 2024 00:53:22.368592024 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.375663996 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.375679016 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.375699997 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.375710011 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.375736952 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.375741005 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.375771999 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.375783920 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.377258062 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.377269983 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.377279997 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.377332926 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.377355099 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.377386093 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.378968954 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.379431963 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.381799936 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.381863117 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.382345915 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.382421017 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.382431984 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.382441044 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.382539988 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.382958889 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.383268118 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.384115934 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.384172916 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.384181023 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.384192944 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.384248018 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.384732008 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.384859085 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.384923935 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.385890007 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.387232065 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.388123989 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.388789892 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.388849974 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.389265060 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.390417099 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.390479088 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.390654087 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.391187906 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.392412901 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.394102097 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.394177914 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.395488977 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.395498037 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.395508051 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.395560026 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.395911932 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.395962000 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.397020102 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.397028923 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.397063017 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.397063971 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.397083998 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.397125959 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.397154093 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.397557974 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.397610903 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.397633076 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.397663116 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.397671938 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.397680998 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.397730112 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.397730112 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.397763968 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.397774935 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.397871971 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.398261070 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.398271084 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.398308992 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.398319006 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.399214983 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.400657892 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.400667906 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.400686026 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.400693893 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.400719881 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.400719881 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.400743961 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.400757074 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.400765896 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.400774002 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.400815010 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.400830030 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.402322054 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.402369976 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.402369976 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.402380943 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.402390003 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.402399063 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.402432919 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.402445078 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.402445078 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.402488947 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.403795958 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.403805971 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.403815031 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.403866053 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.404205084 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.404257059 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.404267073 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.404275894 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.404310942 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.404328108 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.404751062 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.404798031 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.404800892 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.404845953 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.404885054 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.404896021 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.404905081 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.404937983 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.404947996 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.404953957 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.404953957 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.404967070 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.404978991 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.404992104 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.405040026 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.406049013 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.406095028 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.407342911 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.407352924 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.407370090 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.407381058 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.407402992 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.407414913 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.407428980 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.407434940 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.407444954 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.407490015 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.407864094 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.407953978 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.407974005 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.408132076 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.409189939 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.409199953 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.409209013 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.409219980 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.409236908 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.409245968 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.409256935 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.409259081 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.409280062 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.409312010 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.410878897 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.410897017 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.410907030 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.410959959 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.410968065 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.411000013 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.411015034 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.411031961 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.411046028 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.411051989 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.411072016 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.411078930 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.411094904 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.411123991 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.411534071 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.411545038 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.411600113 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.412782907 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.412794113 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.412852049 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.412880898 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.412890911 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.412904978 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.412911892 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.412919044 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.412929058 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.412941933 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.412954092 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.412955999 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.412966967 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.412969112 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.412997961 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.413012981 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.414657116 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.414668083 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.414675951 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.414689064 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.414697886 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.414716005 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.414724112 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.414747953 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.414761066 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.415834904 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.415846109 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.415853977 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.415894985 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.415894985 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.416577101 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.416588068 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.416598082 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.416631937 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.416631937 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.416668892 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.416680098 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.416696072 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.416706085 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.416714907 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.416737080 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.416762114 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.416779041 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.417854071 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.417865038 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.417874098 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.417882919 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.417892933 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.417906046 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.417910099 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.417912006 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.417927980 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.417943001 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.417952061 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.417957067 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.417992115 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.418458939 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.418505907 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.418579102 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.418622017 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.420101881 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.420109987 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.420139074 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.420156002 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.420166016 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.420231104 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.420250893 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.420389891 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.420402050 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.420413971 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.420432091 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.420439005 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.420466900 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.420475006 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.420476913 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.420486927 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.420500994 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.420528889 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.420545101 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.421765089 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.421777964 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.421787977 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.421801090 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.421818018 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.421835899 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.421849012 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.421853065 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.421859980 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.421869040 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.421902895 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.421920061 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.422911882 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.422957897 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.423017979 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.423036098 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.423046112 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.423054934 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.423099995 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.423099995 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.423552036 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.423563004 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.423573971 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.423583984 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.423604965 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.423614025 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.423621893 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.423623085 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.423633099 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.423674107 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.424185038 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.424223900 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.424236059 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.424258947 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.424268961 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.424312115 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.424314022 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.424321890 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.424352884 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.424354076 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.424357891 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.424380064 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.424406052 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.424412966 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.424417973 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.424463987 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.425549030 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.425559998 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.425617933 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.427207947 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.427218914 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.427227974 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.427237988 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.427253962 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.427263021 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.427273989 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.427280903 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.427285910 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.427292109 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.427306890 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.427313089 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.427325010 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.427342892 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.427344084 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.427352905 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.427360058 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.427396059 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.427407026 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.429105997 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.429116964 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.429157972 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.429168940 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.429178953 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.429181099 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.429188967 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.429214001 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.429215908 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.429227114 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.429229975 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.429263115 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.429276943 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.429944992 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.429955959 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.429994106 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.430006981 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.430038929 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.430042982 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.430053949 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.430063009 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.430100918 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.430128098 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.430565119 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.430576086 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.430613995 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.430618048 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.430627108 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.430663109 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.430672884 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.430675030 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.430682898 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.430713892 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.430728912 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.431252956 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.431302071 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.431312084 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.431356907 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.431361914 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.431374073 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.431390047 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.431407928 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.432118893 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.432156086 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.432183981 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.432193041 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.432203054 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.432210922 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.432226896 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.432260990 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.432276011 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.432763100 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.432774067 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.432781935 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.432822943 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.432841063 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.434181929 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.434192896 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.434236050 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.434247971 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.434248924 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.434257030 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.434267998 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.434278011 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.434287071 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.434288025 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.434297085 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.434315920 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.434345961 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.434828043 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.434878111 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.434911013 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.434921026 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.434930086 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.434976101 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.434976101 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.435502052 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.435512066 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.435530901 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.435545921 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.435554981 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.435559034 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.435566902 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.435570955 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.435585022 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.435590029 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.435600042 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.435607910 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.435617924 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.435632944 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.435658932 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.436842918 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.436892033 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.436943054 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.436949968 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.436952114 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.436954021 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.436959028 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.437022924 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.437589884 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.437637091 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.437639952 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.437681913 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.437711954 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.437721968 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.437766075 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.437798977 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.437808990 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.437851906 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.437869072 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.438349009 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.438492060 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.438548088 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.439702988 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.439718962 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.439724922 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.439727068 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.439779997 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.440253973 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.440263987 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.440315008 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.440341949 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.440351963 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.440362930 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.440373898 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.440395117 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.440407991 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.440419912 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.440421104 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.440458059 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.440557957 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.440568924 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.440577030 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.440608978 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.440627098 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.442095995 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.442116022 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.442126036 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.442133904 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.442174911 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.442193031 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.442298889 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.442308903 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.442337990 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.442347050 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.442351103 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.442388058 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.442389011 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.442399025 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.442433119 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.442461967 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.442863941 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.442874908 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.442918062 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.442920923 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.442931890 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.442970991 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.444591999 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.444602966 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.444612980 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.444622993 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.444642067 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.444652081 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.444657087 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.444663048 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.444673061 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.444685936 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.444694042 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.444694996 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.444715023 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.444722891 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.444725037 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.444736004 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.444751978 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.444768906 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.444785118 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.444808960 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.444822073 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.444830894 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.444839954 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.444861889 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.444886923 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.445277929 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.445287943 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.445307016 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.445316076 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.445322990 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.445327997 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.445348978 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.445358038 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.445368052 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.445391893 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.447052002 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.447062969 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.447114944 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.447124004 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.447134972 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.447143078 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.447153091 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.447160959 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.447174072 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.447196960 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.447207928 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.447673082 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.447717905 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.447724104 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.447763920 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.447771072 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.447774887 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.447788000 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.447798014 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.447805882 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.447815895 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.447865009 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.447865009 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.448916912 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.448926926 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.448945999 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.448955059 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.448981047 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.448997974 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.449531078 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.449552059 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.449556112 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.449563980 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.449570894 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.449604988 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.450114965 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.450125933 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.450135946 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.450145006 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.450162888 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.450167894 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.450179100 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.450187922 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.450207949 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.451848984 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.451859951 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.451869965 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.451884031 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.451894045 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.451913118 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.451941967 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.452387094 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.452397108 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.452414036 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.452423096 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.452459097 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.452476025 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.452495098 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.452505112 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.452513933 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.452522039 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.452539921 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.452548981 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.452553988 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.452568054 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.452569008 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.452584982 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.452608109 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.452621937 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.453021049 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.453032017 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.453051090 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.453068972 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.453083038 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.453099012 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.453102112 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.453113079 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.453123093 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.453131914 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.453159094 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.453176975 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.454288960 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.454299927 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.454334021 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.454339981 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.454344034 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.454355955 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.454360962 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.454363108 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.454377890 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.454401016 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.454415083 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.455542088 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.455552101 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.455558062 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.455605984 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.462323904 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.463956118 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.463964939 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.463985920 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.464122057 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.464199066 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.464212894 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.472315073 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.472327948 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.472346067 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.472354889 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.472388983 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.472409964 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.472430944 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.472440958 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.472457886 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.472467899 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.472481966 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.472486019 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.472491980 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.472502947 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.472510099 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.472511053 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.472529888 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.472539902 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.472541094 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.472552061 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.472553015 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.472562075 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.472573042 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.472582102 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.472585917 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.472595930 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.472634077 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.472673893 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.472683907 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.472692966 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.472702026 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.472709894 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.472718000 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.472722054 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.472727060 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.472738981 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.472763062 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.472785950 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.513408899 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.517299891 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.517409086 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.517429113 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.557571888 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.561304092 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.561398029 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.561417103 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.567846060 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.567903996 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.567903042 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.567914963 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.567924976 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.567939997 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.567945957 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.567958117 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.567961931 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.567971945 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.567980051 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.568007946 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.568017006 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.568023920 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.568026066 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.568038940 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.568056107 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.568073988 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.568084002 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.568093061 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.568104029 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.568105936 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.568119049 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.568135977 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.568141937 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.568145990 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.568151951 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.568157911 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.568162918 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.568172932 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.568182945 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.568193913 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.568193913 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.568203926 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.568213940 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.568222046 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.568222046 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.568232059 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.568249941 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.568250895 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.568259954 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.568279028 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.568284988 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.568294048 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.568295002 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.568304062 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.568317890 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.568319082 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.568325043 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.568329096 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.568358898 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.568375111 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.569907904 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.569916964 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.569926023 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.569936037 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.569955111 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.569981098 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.569996119 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.570007086 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.570017099 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.570025921 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.570029020 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.570034981 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.570044994 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.570054054 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.570070028 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.570075035 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.570076942 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.570087910 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.570087910 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.570099115 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.570106983 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.570108891 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.570118904 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.570122004 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.570130110 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.570142031 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.570149899 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.570162058 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.570167065 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.570172071 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.570182085 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.570184946 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.570200920 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.570208073 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.570210934 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.570228100 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.570235014 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.570244074 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.570246935 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.570264101 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.570272923 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.570287943 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.570296049 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.570317030 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.570333958 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.570346117 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.570353985 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.570364952 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.570372105 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.570391893 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.570415020 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.574124098 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.574134111 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.574286938 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.574692965 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.574703932 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.574707031 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.574712992 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.574724913 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.574754953 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.574774981 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.574794054 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.574805021 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.574814081 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.574840069 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.574862957 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.574908972 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.574918985 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.574935913 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.574945927 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.574954033 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.574956894 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.574964046 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.574974060 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.574980021 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.574984074 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.575001955 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.575011015 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.575016975 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.575021029 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.575030088 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.575041056 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.575050116 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.575057983 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.575058937 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.575069904 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.575117111 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.617463112 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.617660999 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.617779016 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.617824078 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.622626066 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.622637033 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.622644901 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.622667074 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.622675896 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.622689009 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.622694016 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.622704029 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.622725964 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.622728109 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.622735977 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.622746944 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.622746944 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.622759104 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.622775078 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.622780085 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.622791052 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.622791052 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.622800112 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.622808933 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.622818947 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.622855902 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.622878075 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.622889042 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.622896910 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.622905970 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.622915030 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.622922897 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.622924089 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.622946024 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.622957945 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.622958899 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.622967005 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.622971058 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.622977972 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.623003006 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.623011112 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.623020887 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.623028994 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.623034000 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.623039007 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.623049021 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.623058081 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.623066902 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.623084068 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.623109102 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.623114109 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.623116970 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.623119116 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.623120070 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.623125076 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.623172045 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.623182058 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.623182058 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.623192072 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.623204947 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.623222113 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.623253107 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.665385962 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.665570974 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.665672064 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.665699959 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.696312904 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.696600914 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.696727991 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.696758032 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.701497078 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.701508999 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.701525927 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.701534986 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.701555014 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.701587915 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.701601028 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.701607943 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.701616049 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.701621056 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.701632023 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.701637030 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.701642990 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.701666117 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.701692104 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.701704979 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.701714993 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.701721907 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.701744080 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.701746941 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.701755047 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.701762915 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.701764107 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.701792955 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.701795101 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.701809883 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.701838017 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.701847076 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.701855898 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.701891899 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.701905012 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.701915026 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.701922894 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.701931000 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.701946974 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.701976061 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.701980114 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.701986074 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.701993942 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.702003002 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.702012062 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.702014923 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.702033997 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.702039003 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.702044010 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.702052116 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.702056885 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.702085018 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.702107906 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.702117920 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.702125072 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.702142000 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.702142954 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.702151060 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.702167034 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.702193975 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.702219009 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.702229023 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.702261925 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.745440960 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.745548964 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.745636940 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.755640984 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.755784035 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.755872011 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.755898952 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.760715961 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.760740995 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.760754108 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.760763884 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.760770082 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.760788918 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.760823965 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.760900021 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.760936022 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.760967016 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.761008024 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.761013031 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.761059046 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.761065006 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.761112928 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.761141062 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.761179924 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.761189938 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.761198997 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.761209965 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.761236906 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.761255026 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.761282921 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.761292934 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.761296988 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.761333942 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.761497974 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.761512995 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.761542082 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.761552095 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.761567116 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.761585951 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.761641026 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.761650085 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.761687040 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.761689901 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.761737108 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.761769056 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.761781931 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.761805058 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.761806965 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.761826038 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.761831045 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.761846066 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.761866093 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.761874914 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.761904001 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.761962891 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.761972904 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.761981010 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.761989117 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.762006998 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.762023926 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.762029886 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.762032986 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.762038946 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.762063980 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.762087107 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.762109041 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.762171030 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.762180090 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.762187958 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.762201071 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.762216091 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.762232065 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.762247086 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.762306929 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.762347937 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.762350082 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.762362003 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.762392044 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.762404919 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.762408972 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.762448072 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.762449980 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.762491941 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.762521029 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.762532949 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.762556076 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.762561083 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.762573004 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.762604952 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.762615919 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.762659073 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.765712976 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.765753031 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.765763998 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.765808105 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.765860081 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.765896082 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.765909910 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.765938044 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.766022921 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.766066074 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.766139984 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.766179085 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.766180992 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.766218901 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.766433954 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.766446114 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.766450882 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.766460896 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.766495943 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.766518116 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.766527891 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.766583920 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.766602993 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.766647100 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.766704082 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.766747952 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.766809940 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.766844988 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.766999960 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.767009974 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.767044067 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.767045021 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.767086983 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.767095089 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.767102957 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.767151117 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.767232895 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.767250061 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.767292023 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.767318964 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.767348051 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.767414093 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.767424107 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.767429113 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.767453909 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.767456055 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.767467976 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.767473936 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.767493963 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.767503977 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.767513990 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.767518997 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.767554045 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.767596960 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.767606974 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.767647028 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.767648935 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.767657042 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.767700911 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.767735004 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.767745972 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.767772913 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.767791986 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.767801046 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.767808914 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.767824888 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.767842054 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.767868996 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.767869949 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.767910004 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.767914057 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.767925978 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.767959118 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.770561934 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.770603895 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.770608902 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.770649910 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.770795107 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.770803928 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.770812035 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.770834923 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.770860910 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.771003962 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.771013021 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.771050930 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.771327972 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.771369934 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.771368980 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.771413088 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.771423101 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.771434069 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.771466970 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.771481991 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.771512985 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.771553040 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.771563053 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.771574974 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.771600008 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.771620035 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.771647930 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.771661043 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.771671057 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.771688938 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.771722078 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.771949053 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.772022963 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.772034883 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.772052050 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.772068024 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.772072077 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.772110939 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.772126913 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.772136927 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.772175074 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.772200108 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.772222042 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.772243977 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.772279978 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.772324085 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.772361994 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.772427082 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.772469997 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.772504091 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.772547960 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.772583961 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.772593975 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.772603989 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.772634029 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.772636890 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.772649050 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.772659063 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.772680998 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.772691011 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.772732019 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.772742987 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.772787094 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.772810936 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.772852898 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.772860050 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.772905111 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.773127079 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.773139000 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.773164988 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.773176908 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.773207903 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.773230076 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.775449991 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.775516033 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.775525093 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.775549889 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.775574923 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.775592089 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.775618076 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.775635004 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.775715113 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.775723934 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.775765896 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.775953054 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.775960922 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.776001930 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.776241064 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.776288033 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.776355982 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.776365042 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.776371956 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.776401997 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.776402950 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.776417971 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.776448011 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.776451111 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.776479959 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.776499033 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.776521921 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.776573896 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.776582956 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.776591063 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.776621103 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.776626110 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.776638031 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.776671886 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.776863098 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.776906967 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.776993036 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.777002096 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.777041912 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.777045012 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.777067900 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.777076960 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.777090073 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.777107954 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.777177095 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.777187109 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.777242899 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.777278900 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.777324915 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.777470112 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.777512074 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.777630091 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.777657032 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.777676105 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.777699947 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.777707100 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.777708054 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.777749062 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.777767897 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.777777910 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.777817965 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.777848959 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.777858019 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.777864933 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.777898073 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.777914047 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.777940989 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.777987957 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.778049946 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.778076887 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.778090000 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.778115988 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.778136015 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.778178930 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.778203964 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.778212070 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.778253078 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.778266907 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.778275967 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.778283119 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.778342962 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.780426025 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.780435085 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.780488014 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.780543089 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.780590057 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.780725956 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.780736923 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.780775070 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.780843973 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.780879021 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.780881882 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.780930042 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.781104088 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.781150103 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.781172991 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.781212091 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.781235933 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.781279087 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.781308889 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.781316996 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.781356096 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.781400919 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.781414032 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.781450987 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.781461954 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.781514883 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.781580925 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.781591892 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.781651020 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.781896114 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.781904936 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.781944036 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.781960011 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.781980991 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.781982899 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.782011032 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.782022953 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.782107115 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.782150030 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.782172918 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.782215118 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.782310009 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.782341003 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.782346964 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.782351017 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.782391071 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.782509089 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.782517910 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.782562017 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.782644033 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.782691002 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.782716036 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.782758951 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.782969952 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.782980919 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.782989979 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.783006907 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.783015013 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.783034086 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.783060074 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.783101082 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.783109903 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.783157110 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.783191919 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.783195972 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.783201933 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.783210993 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.783236027 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.783265114 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.783334970 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.783375978 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.783596992 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.783641100 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.783701897 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.783710003 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.783718109 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.783749104 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.783770084 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.785237074 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.785300016 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.785501003 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.785514116 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.785564899 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.785691977 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.785744905 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.785753965 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.785801888 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.786043882 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.786052942 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.786087036 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.786148071 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.786150932 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.786201954 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.786209106 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.786220074 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.786264896 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.786274910 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.786322117 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.786326885 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.786353111 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.786370039 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.786396027 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.786406994 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.786441088 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.786443949 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.786490917 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.786518097 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.786566019 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.786583900 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.786631107 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.786823034 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.786874056 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.786941051 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.786983013 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.787067890 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.787117958 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.829586029 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.829804897 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.829901934 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.829966068 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.841779947 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.841984987 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.842081070 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.842138052 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.847053051 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.847112894 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.847155094 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.847165108 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.847227097 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.847301960 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.847357988 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.847408056 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.847429037 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.847469091 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.847475052 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.847507954 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.847508907 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.847522020 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.847548962 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.847553015 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.847598076 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.847661018 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.847670078 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.847712040 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.847733974 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.847783089 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.847917080 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.847927094 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.847944975 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.847955942 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.847978115 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.847992897 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.848006010 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.848016024 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.848054886 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.848088980 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.848135948 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.848162889 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.848212004 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.848304033 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.848354101 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.848383904 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.848392963 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.848414898 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.848429918 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.848450899 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.848462105 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.848612070 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.848620892 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.848629951 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.848671913 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.848684072 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.848690033 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.848699093 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.848707914 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.848757982 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.848824024 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.848862886 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.848880053 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.848903894 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.848912954 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.848963022 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.849004984 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.849015951 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.849061966 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.849067926 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.849088907 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.849124908 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.849139929 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.849164963 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.849215031 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.849231958 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.849241972 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.849256039 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.849288940 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.849311113 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.849385023 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.849394083 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.849402905 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.849442959 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.849468946 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.849477053 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.849525928 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.852063894 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.852123022 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.852157116 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.852171898 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.852184057 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.852204084 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.852207899 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.852229118 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.852242947 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.852264881 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.852269888 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.852325916 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.852788925 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.852799892 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.852808952 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.852817059 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.852827072 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.852835894 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.852844954 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.852847099 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.852853060 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.852861881 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.852870941 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.852874994 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.852888107 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.852895021 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.852895975 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.852907896 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.852912903 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.852917910 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.852926970 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.852941036 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.852943897 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.852967024 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.852971077 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.852993011 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.853009939 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.853094101 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.853142977 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.853157043 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.853166103 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.853213072 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.853317976 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.853369951 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.853502035 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.853512049 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.853568077 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.853574991 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.853614092 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.853627920 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.853629112 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.853662968 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.853677034 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.853830099 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.853840113 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.853888035 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.854233980 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.854291916 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.854341984 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.854460001 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.854475975 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.854485035 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.854509115 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.854527950 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.857105017 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.857167959 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.857177973 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.857237101 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.857781887 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.857831001 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.857968092 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.858023882 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.858032942 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.858038902 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.858042955 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.858072996 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.858083010 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.858087063 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.858093023 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.858139992 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.858190060 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.858200073 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.858207941 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.858242035 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.858256102 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.858299971 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.858311892 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.858323097 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.858339071 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.858361006 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.858369112 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.858388901 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.858411074 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.858493090 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.858541965 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.858582020 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.858591080 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.858634949 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.858638048 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.858654976 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.858664989 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.858674049 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.858684063 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.858710051 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.858736992 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.858748913 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.858757973 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.858810902 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.858830929 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.858839989 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.858848095 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.858856916 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.858885050 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.858906031 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.860320091 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.860373020 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.860409975 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.860419035 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.860426903 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.860454082 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.860464096 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.860482931 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.860507011 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.860946894 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.860956907 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.860965967 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.860975027 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.860982895 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.860991955 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.861000061 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.861006021 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.861008883 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.861016989 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.861052036 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.861089945 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.861988068 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.862045050 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.862114906 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.862170935 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.862315893 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.862325907 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.862334013 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.862368107 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.862385035 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.862970114 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.862979889 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.862987995 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.863035917 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.863040924 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.863094091 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.863133907 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.863204956 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.863251925 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.863261938 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.863272905 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.863322020 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.863336086 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.863389969 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.863446951 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.863511086 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.863511086 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.863521099 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.863565922 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.863604069 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.863614082 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.863661051 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.863686085 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.863696098 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.863744020 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.863781929 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.863792896 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.863837004 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.863864899 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.863913059 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.863950968 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.864010096 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.865319967 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.865374088 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.865886927 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.865896940 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.865947962 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.865973949 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.865983009 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.865992069 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.866029978 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.866034031 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.866051912 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.866085052 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.866102934 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.866146088 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.866197109 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.866223097 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.866250992 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.866275072 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.866337061 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.866421938 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.866431952 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.866441011 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.866476059 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.866477013 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.866492033 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.866523981 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.866919994 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.866967916 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.867163897 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.867213011 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.867228985 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.867238998 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.867281914 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.867288113 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.867336988 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.867357016 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.867366076 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.867422104 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.867952108 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.868004084 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.868575096 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.868586063 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.868596077 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.868604898 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.868613958 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.868623018 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.868633032 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.868643045 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.868679047 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.868721008 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.868729115 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.868731022 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.868760109 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.868779898 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.868814945 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.868880987 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.868891001 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.868932962 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.868932962 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.868949890 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.868959904 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.868980885 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.868993044 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.869012117 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.869045019 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.870587111 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.870639086 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.870865107 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.870932102 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.870939016 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.871006012 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.871010065 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.871021986 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.871068001 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.871124029 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.871176004 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.871251106 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.871300936 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.871403933 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.871426105 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.871464014 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.871824980 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.871880054 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.883071899 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.883209944 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.885060072 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.885113001 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.885452986 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.885535955 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.885648966 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.885658979 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.885737896 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.886027098 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.886037111 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.886116028 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.886689901 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.886768103 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.889544964 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.889683962 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.892046928 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.892167091 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.892883062 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.892998934 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.895092010 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.895103931 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.895211935 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.895585060 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.895636082 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.898432970 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.898596048 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.898670912 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.898696899 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.900152922 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.900209904 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.902256966 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.902379036 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.903989077 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.904057980 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.904356956 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.904453993 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.905673981 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.905801058 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.907396078 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.907449007 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.909250021 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.909373999 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.909533978 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.909600973 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.911324024 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.911398888 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.911428928 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.911500931 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.911518097 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.911565065 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.911569118 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.911614895 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.912589073 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.912638903 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.914773941 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.914778948 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.914884090 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.915009022 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.915088892 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.915230036 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.915292025 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.916713953 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.916822910 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.918613911 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.918725014 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.920751095 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.920892954 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.920958996 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.921737909 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.921792030 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.922446966 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.922549009 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.924494028 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.924618959 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.927505970 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.927515030 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.927643061 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.927707911 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.932686090 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.932838917 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.932904959 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.932923079 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.933429003 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.933569908 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.933638096 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.937735081 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.937810898 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.939779997 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.939961910 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.940032005 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.940079927 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.940136909 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.940152884 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.942653894 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.942704916 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.944845915 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.944900036 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.945230007 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.945314884 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.946808100 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.946939945 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.946999073 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.947043896 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.947556019 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.947613001 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.949851036 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.949901104 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.968492031 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:22.968679905 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.968758106 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.968811989 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.968868971 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:22.968892097 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:23.021528006 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:23.021769047 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:23.021888971 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:23.021950960 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:23.022016048 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:23.022047997 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:23.070522070 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:23.070749044 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:23.070838928 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:23.070884943 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:23.070943117 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:23.070956945 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:23.117435932 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:23.117604017 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:23.117697001 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:23.117746115 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:23.117809057 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:23.117830038 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:23.169440985 CEST	15666	49704	176.124.204.206	192.168.2.7
Sep 29, 2024 00:53:23.169625998 CEST	49704	15666	192.168.2.7	176.124.204.206
Sep 29, 2024 00:53:23.169729948 CEST	49704	15666	192.168.2.7	176.124.204.206

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Sep 29, 2024 00:53:13.088953972 CEST	192.168.2.7	1.1.1.1	0x5020	Standard query (0)	time.windows.com	A (IP address)	IN (0x0001)	false
Sep 29, 2024 00:53:17.552046061 CEST	192.168.2.7	1.1.1.1	0x581a	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Sep 29, 2024 00:53:13.097594023 CEST	1.1.1.1	192.168.2.7	0x5020	No error (0)	time.windows.com	twc.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Sep 29, 2024 00:53:17.561027050 CEST	1.1.1.1	192.168.2.7	0x581a	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Sep 29, 2024 00:53:17.561027050 CEST	1.1.1.1	192.168.2.7	0x581a	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Sep 29, 2024 00:53:17.561027050 CEST	1.1.1.1	192.168.2.7	0x581a	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.7	49705	104.26.13.205	443	2064	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
2024-09-28 22:53:18 UTC	100	OUT	GET / HTTP/1.1 Accept: text/html; text/plain; / Host: api.ipify.org Cache-Control: no-cache
2024-09-28 22:53:18 UTC	211	IN	HTTP/1.1 200 OK Date: Sat, 28 Sep 2024 22:53:18 GMT Content-Type: text/plain Content-Length: 11 Connection: close Vary: Origin CF-Cache-Status: DYNAMIC Server: cloudflare CF-RAY: 8ca74f0cabe6c45e-EWR
2024-09-28 22:53:18 UTC	11	IN	Data Raw: 38 2e 34 36 2e 31 32 33 2e 33 33 Data Ascii: 8.46.123.33

Target ID:	0
Start time:	18:53:16
Start date:	28/09/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	false
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x7ff7632d0000
File size:	1'116'160 bytes
MD5 hash:	DE030225E0B09C45241B8169A8A96155
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_MeduzaStealer, Description: Yara detected Meduza Stealer, Source: 00000000.00000002.2599494351.000001EA4B76A000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	false

Show Windows behavior

Execution Graph

Execution Coverage:	7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	38.2%
Total number of Nodes:	2000
Total number of Limit Nodes:	108

Executed Functions

Function 00007FF76332E4E0 Relevance: 84.2, APIs: 36, Strings: 11, Instructions: 1962COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32 ref: 00007FF76332E56F

Strings

" --type , xrefs: 00007FF76332FFC1
--key ", xrefs: 00007FF76333002E
status, xrefs: 00007FF763330B27
cmd /c "", xrefs: 00007FF76332FF69
ios_base::failbit set, xrefs: 00007FF763330B5D
ios_base::eofbit set, xrefs: 00007FF763330B64
, xrefs: 00007FF76332E5BE
APPB:, xrefs: 00007FF7633303E2
File.exe, xrefs: 00007FF76332FA9B
6, xrefs: 00007FF76332F68D
ios_base::badbit set, xrefs: 00007FF763330B51

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: FileModuleName
String ID: $ --key "$" --type $APPB:$File.exe$cmd /c ""$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$status$6
API String ID: 514040917-1525073170
Opcode ID: 5fc856a2cc2307c6d7fa37578e25aed0dccd97dc840e6619a0df3d6f05366ff4
Instruction ID: 43234b4f68dbcce1297aa978df6c85ad3a6c802a45ea733f4e4ddd3d07ef55de
Opcode Fuzzy Hash: 5fc856a2cc2307c6d7fa37578e25aed0dccd97dc840e6619a0df3d6f05366ff4
Instruction Fuzzy Hash: 6223C772A15BC5C9EBA09F29D8813EDB361FB85758F405329EA9D17B99EF38D240C310

Function 00007FF763358CC0 Relevance: 59.9, APIs: 33, Strings: 1, Instructions: 374
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetSystemMetrics.USER32 ref: 00007FF763358D0C
GetSystemMetrics.USER32 ref: 00007FF763358D1A
GetSystemMetrics.USER32 ref: 00007FF763358D28
GetSystemMetrics.USER32 ref: 00007FF763358D36
GetDC.USER32 ref: 00007FF763358D40
GetDeviceCaps.GDI32 ref: 00007FF763358D56
GetDeviceCaps.GDI32 ref: 00007FF763358D66
CreateCompatibleDC.GDI32 ref: 00007FF763358D73
CreateCompatibleBitmap.GDI32 ref: 00007FF763358D8B
SelectObject.GDI32 ref: 00007FF763358DA1
BitBlt.GDI32 ref: 00007FF763358DD7
SHCreateMemStream.SHLWAPI ref: 00007FF763358DFD
SelectObject.GDI32 ref: 00007FF763358E17
DeleteDC.GDI32 ref: 00007FF763358E20
ReleaseDC.USER32 ref: 00007FF763358E2B
DeleteObject.GDI32 ref: 00007FF763358E34
EnterCriticalSection.KERNEL32 ref: 00007FF763358F2B
LeaveCriticalSection.KERNEL32 ref: 00007FF763358F38
GetObjectW.GDI32 ref: 00007FF763358F54
IStream_Size.SHLWAPI ref: 00007FF763358FFF
IStream_Reset.SHLWAPI ref: 00007FF76335900F
IStream_Read.SHLWAPI ref: 00007FF763359070
SelectObject.GDI32 ref: 00007FF7633590BF
DeleteDC.GDI32 ref: 00007FF7633590C8
ReleaseDC.USER32 ref: 00007FF7633590D5
DeleteObject.GDI32 ref: 00007FF7633590DE
DeleteObject.GDI32 ref: 00007FF7633591E8
EnterCriticalSection.KERNEL32 ref: 00007FF7633591FA
EnterCriticalSection.KERNEL32 ref: 00007FF76335920A
GdiplusShutdown.GDIPLUS ref: 00007FF763359218
LeaveCriticalSection.KERNEL32 ref: 00007FF763359225
LeaveCriticalSection.KERNEL32 ref: 00007FF76335922F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763359273

Strings

, xrefs: 00007FF763358DAC

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Object$CriticalSection$Delete$MetricsSystem$CreateEnterLeaveSelectStream_$CapsCompatibleDeviceRelease$BitmapGdiplusReadResetShutdownSizeStream_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1635401455-3916222277
Opcode ID: 3a2c9e1e0611246e604ce157a124539e6b286dd82537658a06beef2d21c92f2c
Instruction ID: a9261e48893476d7ece692920c4d630b003d1b664ac956f52e7cebb78dcbdd48
Opcode Fuzzy Hash: 3a2c9e1e0611246e604ce157a124539e6b286dd82537658a06beef2d21c92f2c
Instruction Fuzzy Hash: 73028E72A14BC1CAE750DF76D8442A9B7A1FB897A8F90423AEA5D57B98DF3CD044C310

Function 00007FF76332BAF0 Relevance: 54.6, APIs: 22, Strings: 8, Instructions: 2081COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7632FEEB0: __std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF7632FEF2E
Part of subcall function 00007FF7632FEEB0: __std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF7632FEF6A

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76332E288
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76332E28E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76332E294
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76332E29A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76332E2EA
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76332E30D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76332E313
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76332E329
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76332E32F
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF76332E335
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76332E38C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76332E392
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76332E3E7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76332E3ED
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76332E3F3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76332E409
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76332E40F
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF76332E415
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76332E46C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76332E472
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76332E4C7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76332E4CD

Part of subcall function 00007FF763310AC0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763310B94

Part of subcall function 00007FF763311A80: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763311B80
Part of subcall function 00007FF763311A80: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF763311B8C

Strings

filename, xrefs: 00007FF76332C4ED, 00007FF76332CFD8, 00007FF76332DBD2
directory_iterator::directory_iterator, xrefs: 00007FF76332E2C7
recursive_directory_iterator::operator++, xrefs: 00007FF76332E3A6, 00007FF76332E486
status, xrefs: 00007FF76332E2D7, 00007FF76332E31C, 00007FF76332E3FC
cannot use push_back() with , xrefs: 00007FF76332E34D, 00007FF76332E42D
content, xrefs: 00007FF76332C5E4, 00007FF76332D0CE, 00007FF76332DCC8
exists, xrefs: 00007FF76332E2B0, 00007FF76332E300, 00007FF76332E3DA, 00007FF76332E4BA
recursive_directory_iterator::recursive_directory_iterator, xrefs: 00007FF76332E3BD, 00007FF76332E49D

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task$__std_fs_convert_wide_to_narrow
String ID: cannot use push_back() with $content$directory_iterator::directory_iterator$exists$filename$recursive_directory_iterator::operator++$recursive_directory_iterator::recursive_directory_iterator$status
API String ID: 972399972-4250644884
Opcode ID: ac1c4a39928003ae646900306c94808a3542728c4d9560a95ceaf51d0f58be9e
Instruction ID: a8c6469e3d444de103ad890cfc7a06b92b308b8ced9c755bfaff491dd173b033
Opcode Fuzzy Hash: ac1c4a39928003ae646900306c94808a3542728c4d9560a95ceaf51d0f58be9e
Instruction Fuzzy Hash: 65236C72A09BC2C1EAB0AB15E4807EAB361FBC5754F80523AD69D53B99EF3CD144CB10

Function 00007FF76335B410 Relevance: 52.1, APIs: 19, Strings: 10, Instructions: 1387
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7633598A0: EnumDisplayDevicesW.USER32 ref: 00007FF7633598F9

Part of subcall function 00007FF7633597D0: RegGetValueA.KERNEL32 ref: 00007FF763359837

Part of subcall function 00007FF763359410: GetUserNameW.ADVAPI32 ref: 00007FF763359455

Part of subcall function 00007FF7633594B0: GetComputerNameW.KERNEL32 ref: 00007FF7633594F5

Part of subcall function 00007FF763310AC0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763310B94

GlobalMemoryStatusEx.KERNEL32 ref: 00007FF76335B8C6
wcsftime.LIBCMT ref: 00007FF76335C13F
GetModuleFileNameA.KERNEL32 ref: 00007FF76335C301
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335CD63
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335CD69
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335CD6F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335CD75
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335CD7B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335CD81
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335CD87
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335CD8D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335CD93
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335CD99
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335CD9F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335CDA5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335CDAB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335CDB1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335CDB7

Strings

ram, xrefs: 00007FF76335B9B3
cpu, xrefs: 00007FF76335B786
gpu, xrefs: 00007FF76335B670
Meduza, xrefs: 00007FF76335C751
timezone, xrefs: 00007FF76335C650
computer_name, xrefs: 00007FF76335BAB7
user_name, xrefs: 00007FF76335B560
%d-%m-%Y, %H:%M:%S, xrefs: 00007FF76335C12C
time, xrefs: 00007FF76335C227
system, xrefs: 00007FF76335B50C, 00007FF76335B61C, 00007FF76335B732, 00007FF76335B824, 00007FF76335B95F, 00007FF76335BA61, 00007FF76335BB64, 00007FF76335BD06, 00007FF76335BF22, 00007FF76335C1D3, 00007FF76335C3B0, 00007FF76335C5FC, 00007FF76335C7B5, 00007FF76335C973, 00007FF76335CA32

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Name$ComputerDevicesDisplayEnumFileGlobalMemoryModuleStatusUserValuewcsftime
String ID: %d-%m-%Y, %H:%M:%S$Meduza$computer_name$cpu$gpu$ram$system$time$timezone$user_name
API String ID: 3508509583-3212829035
Opcode ID: 2d5f15bc54f1ca29a225682702a53465a3a0fc97c076185d6b9a8703f5fd5a38
Instruction ID: fbfe0a0bdcdeef627bd8d926635ca70f7c56f1c7216eb29dfd7cb41ff421b464
Opcode Fuzzy Hash: 2d5f15bc54f1ca29a225682702a53465a3a0fc97c076185d6b9a8703f5fd5a38
Instruction Fuzzy Hash: CBE2C532A14BC5C9D761DF35D8802EDB761FB85748F80922AEA9C57B99EF38D284C710

Function 00007FF7633471A0 Relevance: 39.1, APIs: 18, Strings: 4, Instructions: 592
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

1.0, xrefs: 00007FF76334763B
--key, xrefs: 00007FF76334773B, 00007FF763347899
--type, xrefs: 00007FF7633477D1
APPB:, xrefs: 00007FF763347912

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID: --key$--type$1.0$APPB:
API String ID: 0-155154914
Opcode ID: f92cc1b6e4a30f8a6d2b8695ab4f0f9a510a396872d5d3fa63fd374dd7418253
Instruction ID: fe90439c4ceb88fb52e1260f62f4917403c3b23f9faa5d88bb3d5f357dcdbf4d
Opcode Fuzzy Hash: f92cc1b6e4a30f8a6d2b8695ab4f0f9a510a396872d5d3fa63fd374dd7418253
Instruction Fuzzy Hash: EF429F32A19BC6C1FA94AB26E4543EEE361FB85780F805139E69D27B96DF3CD094C310

Function 00007FF76330D510 Relevance: 35.9, APIs: 17, Strings: 3, Instructions: 864
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

LoadLibraryA.KERNEL32 ref: 00007FF76330D5ED
GetProcAddress.KERNEL32 ref: 00007FF76330D6EB
GetProcAddress.KERNEL32 ref: 00007FF76330D7AF
GetProcAddress.KERNEL32 ref: 00007FF76330D82A
GetProcAddress.KERNEL32 ref: 00007FF76330D8AF
GetProcAddress.KERNEL32 ref: 00007FF76330D92A
GetProcAddress.KERNEL32 ref: 00007FF76330D9AF
FreeLibrary.KERNEL32 ref: 00007FF76330E4D8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330E50E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330E566
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330E56C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330E572
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330E578
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330E57E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330E584
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330E58A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330E590

Strings

cannot use push_back() with , xrefs: 00007FF76330E52A
vault, xrefs: 00007FF76330E32F
system, xrefs: 00007FF76330E2DB

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$AddressProc$Library$FreeLoad
String ID: cannot use push_back() with $system$vault
API String ID: 2463004387-1741236777
Opcode ID: 2b98cdbaa1bbfeffe98e90da3d23d5e7708a7210484257f37841cb4d8938f9d5
Instruction ID: aceda159bda374435a99ddfe595b398cea077144a1d837950d5a80f5b72931a0
Opcode Fuzzy Hash: 2b98cdbaa1bbfeffe98e90da3d23d5e7708a7210484257f37841cb4d8938f9d5
Instruction Fuzzy Hash: 01925E72609BC58ADB619F29E8403EDB3B4F749798F504229DB9C5BB99EF38C654C300

Function 00007FF763331A80 Relevance: 30.3, APIs: 11, Strings: 6, Instructions: 571
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

directory_iterator::directory_iterator, xrefs: 00007FF76333283A, 00007FF763333E93
status, xrefs: 00007FF763332828, 00007FF76333284A, 00007FF763332872, 00007FF76333289A
cannot use push_back() with , xrefs: 00007FF7633327E9
Profiles, xrefs: 00007FF763331898
prefs.js, xrefs: 00007FF763332FB8
exists, xrefs: 00007FF763331A64, 00007FF763333E7C

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID: Profiles$cannot use push_back() with $directory_iterator::directory_iterator$exists$prefs.js$status
API String ID: 0-1457875953
Opcode ID: 89d9a8ab5d0dbe2dbe5e81df4987dba28a8c4ea003609d94d462e5a4adcd2181
Instruction ID: 95f21914e547105f6e9dcebd450a9353caf4396edbd63e4f27969f45c6e98d7b
Opcode Fuzzy Hash: 89d9a8ab5d0dbe2dbe5e81df4987dba28a8c4ea003609d94d462e5a4adcd2181
Instruction Fuzzy Hash: 91525A32909BC5C5E6B1AB15E8813EAB3A4FBC9784F405229DACC67B59EF3CD144CB50

Function 00007FF763301D4E Relevance: 28.8, APIs: 10, Strings: 6, Instructions: 804
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

Strings

directory_iterator::directory_iterator, xrefs: 00007FF763302A70, 00007FF763302ABA
filename, xrefs: 00007FF763302396
telegram, xrefs: 00007FF7633024AC, 00007FF7633027DE
status, xrefs: 00007FF763302A80, 00007FF763302A96
content, xrefs: 00007FF76330244D
exists, xrefs: 00007FF763302A54

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID: content$directory_iterator::directory_iterator$exists$filename$status$telegram
API String ID: 0-572754909
Opcode ID: 8eaa77fff3547dcf0fa5227ed6f9769ab59cee067ab09958a86cd50c67ba0331
Instruction ID: f503c4f35146fd27855d673a30914891d40a0b2e040cf8d48b7ac6ee33094e90
Opcode Fuzzy Hash: 8eaa77fff3547dcf0fa5227ed6f9769ab59cee067ab09958a86cd50c67ba0331
Instruction Fuzzy Hash: B882B332A15BC5C9EB61AF25D8843EDB360FB85758F844239DA4D6BBA9DF38D640C310

Function 00007FF76338BAE8 Relevance: 27.2, APIs: 18, Instructions: 229
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetFileAttributesExW.KERNEL32 ref: 00007FF76338BB95
GetLastError.KERNEL32 ref: 00007FF76338BB9F
FindFirstFileW.KERNEL32 ref: 00007FF76338BBB6
GetLastError.KERNEL32 ref: 00007FF76338BBC2
FindClose.KERNEL32 ref: 00007FF76338BBD0
__std_fs_open_handle.LIBCPMT ref: 00007FF76338BC63
CloseHandle.KERNEL32 ref: 00007FF76338BC79
CloseHandle.KERNEL32 ref: 00007FF76338BDEC

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Close$ErrorFileFindHandleLast$AttributesFirst__std_fs_open_handle
String ID:
API String ID: 2398595512-0
Opcode ID: b0954c19c2ec1b49376cfeb0a7b9e933d87c955ad15e2e4042eb139bd7e8b443
Instruction ID: c293822cbef2207a2592b10fd7497e49df41b789de5d62dbdf587cbadc3a3390
Opcode Fuzzy Hash: b0954c19c2ec1b49376cfeb0a7b9e933d87c955ad15e2e4042eb139bd7e8b443
Instruction Fuzzy Hash: 9191B531A08A43C6E6F46B17A814679A2A0EF457B4F980738D97D6FBD4DE3CE445C720

Function 00007FF76330C9C0 Relevance: 21.7, APIs: 11, Strings: 1, Instructions: 668
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CredEnumerateA.ADVAPI32 ref: 00007FF76330CA22
CredFree.ADVAPI32 ref: 00007FF76330D434
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330D46A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330D4BC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330D4C2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330D4C8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330D4CE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330D4D4
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330D4DA
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330D4E0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330D4E6

Strings

cannot use push_back() with , xrefs: 00007FF76330D480

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Cred$EnumerateFree
String ID: cannot use push_back() with
API String ID: 1347986415-4122110429
Opcode ID: db70fc8c7cc1e53bb913ccbf7ba85581c9265d57aaf4195650c43122afca833d
Instruction ID: d8d39d988e2983716efb1040c462e0d63942c7a28e9fa82c4acb7b6127594adf
Opcode Fuzzy Hash: db70fc8c7cc1e53bb913ccbf7ba85581c9265d57aaf4195650c43122afca833d
Instruction Fuzzy Hash: 3B628172A04BC5C9EB609F25E8403EDB761FB49798F505329EAAC1BB99DF78D184C310

Function 00007FF763361B00 Relevance: 21.4, APIs: 11, Strings: 1, Instructions: 421
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 00007FF763361CB0
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF763361CBE
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF763361F4D
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF763361F5B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763362103
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763362109
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76336212C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763362132
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763362138
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76336215B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763362161

Strings

value, xrefs: 00007FF763361BD6, 00007FF763361E7D

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy
String ID: value
API String ID: 1346393832-494360628
Opcode ID: 905df17ddf5fb733e77bc0a4f9a92f8ad7025c56cba96bea3251c24b5fa3678d
Instruction ID: c9f1d0e781ac1e9cf8bddcf69e1c4bcf0e8835d4e9cfae751f3ca7a841c7e8f5
Opcode Fuzzy Hash: 905df17ddf5fb733e77bc0a4f9a92f8ad7025c56cba96bea3251c24b5fa3678d
Instruction Fuzzy Hash: 1012E622E19BC1C9EB41DB76D4403BDA761EB863A4F905235EA9D66BDADF7CD080C310

Function 00007FF763357BC0 Relevance: 19.9, APIs: 13, Instructions: 431
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

recv.WS2_32 ref: 00007FF763357D9E
recv.WS2_32 ref: 00007FF7633582B9
closesocket.WS2_32 ref: 00007FF7633582CB
WSACleanup.WS2_32 ref: 00007FF7633582D1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7633583BD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7633583C3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7633583C9
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7633583CF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7633583D5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7633583DB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7633583E7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7633583ED
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7633583F3

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$recv$Cleanupclosesocket
String ID:
API String ID: 3402187201-0
Opcode ID: 9064601b55afc3268a856f0008743e1efd5d557aabc0f4eb4d7f6c1238982a2f
Instruction ID: af46279b2958774f506fc5c5e4673a3787da7b60c905ec7170fadf664bd30a26
Opcode Fuzzy Hash: 9064601b55afc3268a856f0008743e1efd5d557aabc0f4eb4d7f6c1238982a2f
Instruction Fuzzy Hash: 3E12B872A187C5C1EA61AB16E4443EAE761FB893A0F904236D6DD67BE9DF7CD080C710

Function 00007FF76330E5A0 Relevance: 16.1, APIs: 8, Strings: 1, Instructions: 324
processCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF76330E5E8
Process32FirstW.KERNEL32 ref: 00007FF76330E62A
Process32NextW.KERNEL32 ref: 00007FF76330E829
CloseHandle.KERNEL32 ref: 00007FF76330EA9B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330EB34
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330EB3A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330EB40
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330EB46

Strings

[PID: , xrefs: 00007FF76330E664

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID: [PID:
API String ID: 1946380282-2210602247
Opcode ID: 707e104124b93063194511a9bdad35d81a8a4ba7d3925c2e90c534d8c1506ad0
Instruction ID: f4e22e9c368428dfb7da164d7b738f7274aec731af3fe93a2ae7ed50a05bb133
Opcode Fuzzy Hash: 707e104124b93063194511a9bdad35d81a8a4ba7d3925c2e90c534d8c1506ad0
Instruction Fuzzy Hash: 7BE1E672618BC1C5E761DF26E8803EDB765FB857A8F805225EA9D1BB99DF38D240C310

Function 00007FF76330EC50 Relevance: 15.7, APIs: 10, Instructions: 716COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330FA19
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330FA1F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330FA25
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330FA2B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330FA31
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330FA37
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330FA3D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330FA43
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330FA49
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330FA4F

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 5bf3cefcc1b12d0f908fae1d1b68f269451cfeba0dc988f38174dabf3f0848ce
Instruction ID: e1ba434fdc26f212fa97b828a580ddf09959f2268c305b16eda04215bfe47a71
Opcode Fuzzy Hash: 5bf3cefcc1b12d0f908fae1d1b68f269451cfeba0dc988f38174dabf3f0848ce
Instruction Fuzzy Hash: 94726032605BC589DB719F29E8403EDB3A4F789798F504325EADC6AB99DF38C284C714

Function 00007FF763358400 Relevance: 15.4, APIs: 10, Instructions: 377networkfileCOMMON

Download Yara Rule

APIs

InternetOpenA.WININET ref: 00007FF763358632

Part of subcall function 00007FF763384D80: EnterCriticalSection.KERNEL32(?,?,0000000100000000,00007FF763301944), ref: 00007FF763384D90

InternetOpenUrlA.WININET ref: 00007FF7633586A2
HttpQueryInfoW.WININET ref: 00007FF7633586FA
HttpQueryInfoW.WININET ref: 00007FF763358783
InternetQueryDataAvailable.WININET ref: 00007FF7633587C1
InternetReadFile.WININET ref: 00007FF76335887B
InternetQueryDataAvailable.WININET ref: 00007FF763358941
InternetCloseHandle.WININET ref: 00007FF7633589E1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763358A1B
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF763358A21

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Internet$Query$AvailableDataHttpInfoOpen$CloseConcurrency::cancel_current_taskCriticalEnterFileHandleReadSection_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 2754876294-0
Opcode ID: 14968f1006e427f15a06223f8d08607396f5d2f295d36b78be71ae35b45849b8
Instruction ID: 8e0ec71991ec8265ce25c89dff1e92ddcd28151748422f56eb1e05944c36a9e1
Opcode Fuzzy Hash: 14968f1006e427f15a06223f8d08607396f5d2f295d36b78be71ae35b45849b8
Instruction Fuzzy Hash: 0E026132B28B95C5F740DB66E8402ADB7B4FB84798F501229EE8D67B99DF78D080C710

Function 00007FF7633518D0 Relevance: 14.5, APIs: 4, Strings: 4, Instructions: 452fileCOMMON

Download Yara Rule

APIs

GetFileSize.KERNEL32 ref: 00007FF763351AEF
SetFilePointer.KERNEL32 ref: 00007FF763351BA2
ReadFile.KERNEL32 ref: 00007FF763351BD1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763352063

Strings

ios_base::failbit set, xrefs: 00007FF7633520B1
ios_base::eofbit set, xrefs: 00007FF7633520B8
exists, xrefs: 00007FF763352056
ios_base::badbit set, xrefs: 00007FF76335207D, 00007FF7633520A5

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: File$PointerReadSize_invalid_parameter_noinfo_noreturn
String ID: exists$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 2478245620-15404121
Opcode ID: 5d8242099734290fb5c2cd9d0b9a4ed373f2cb241c23ad425eb2d1444e5b8d73
Instruction ID: d7b065e0c37c92f43918e7bf691654231f8bdda2c7d69a6eed9d9ed10b133476
Opcode Fuzzy Hash: 5d8242099734290fb5c2cd9d0b9a4ed373f2cb241c23ad425eb2d1444e5b8d73
Instruction Fuzzy Hash: 9B321832A15BC5C9EB60EF29D8803E9B7A0FB44758F80423ADA4D67B99EF78D544C710

Function 00007FF7633796B8 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 335timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF7633796FD

Part of subcall function 00007FF763378D68: _invalid_parameter_noinfo.LIBCMT ref: 00007FF763378D7C

Part of subcall function 00007FF763373E04: RtlFreeHeap.NTDLL(?,?,?,00007FF76337DF72,?,?,?,00007FF76337E2EF,?,?,00000000,00007FF76337C02C,?,?,?,00007FF76337BF5F), ref: 00007FF763373E1A
Part of subcall function 00007FF763373E04: GetLastError.KERNEL32(?,?,?,00007FF76337DF72,?,?,?,00007FF76337E2EF,?,?,00000000,00007FF76337C02C,?,?,?,00007FF76337BF5F), ref: 00007FF763373E24

Part of subcall function 00007FF763368708: IsProcessorFeaturePresent.KERNEL32(?,?,?,?,00007FF7633686B6,?,?,?,?,8000000000000000,00007FF76336859E), ref: 00007FF763368711
Part of subcall function 00007FF763368708: GetCurrentProcess.KERNEL32(?,?,?,?,00007FF7633686B6,?,?,?,?,8000000000000000,00007FF76336859E), ref: 00007FF763368736

Part of subcall function 00007FF763381E20: _invalid_parameter_noinfo.LIBCMT ref: 00007FF763381D6B

_get_daylight.LIBCMT ref: 00007FF7633796EC

Part of subcall function 00007FF763378DC8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF763378DDC

_get_daylight.LIBCMT ref: 00007FF763379962
_get_daylight.LIBCMT ref: 00007FF763379973
_get_daylight.LIBCMT ref: 00007FF763379984
GetTimeZoneInformation.KERNEL32(00007FF763379C72), ref: 00007FF7633799AB

Strings

Eastern Summer Time, xrefs: 00007FF763379A69
Eastern Standard Time, xrefs: 00007FF763379A51

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo$CurrentErrorFeatureFreeHeapInformationLastPresentProcessProcessorTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 4070488512-239921721
Opcode ID: 37a35d0dc6c7566623b794cfda2633962aacf996f92dc9f81c09c89044e56338
Instruction ID: f3f6e009921c58a01bfd061c1da5e5fc1c492815b8488bbdf6d8b8e8e6f7095a
Opcode Fuzzy Hash: 37a35d0dc6c7566623b794cfda2633962aacf996f92dc9f81c09c89044e56338
Instruction Fuzzy Hash: 4ED1D122A18242C6E7A0BF23D8415B9E7B1EF86785FC44139EA0D67B85EF3CE441C764

Function 00007FF763352D10 Relevance: 10.9, APIs: 2, Strings: 4, Instructions: 428COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF763384D80: EnterCriticalSection.KERNEL32(?,?,0000000100000000,00007FF763301944), ref: 00007FF763384D90

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335355E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763353564

Strings

Local State, xrefs: 00007FF763352FFA
os_crypt, xrefs: 00007FF763352E2F, 00007FF763353184, 00007FF763353222, 00007FF7633532CF
exists, xrefs: 00007FF763353633
ios_base::badbit set, xrefs: 00007FF76335357F, 00007FF7633535BC, 00007FF7633535FA

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$CriticalEnterSection
String ID: Local State$exists$ios_base::badbit set$os_crypt
API String ID: 555700303-1113887999
Opcode ID: c462c773239d946173dbf18e47caa983b3ec1196ebe5b435ccb68ef175641302
Instruction ID: a3632b5dd70135c641c955a307c759f837d6f4246fdc45fafa7953a92ed48c34
Opcode Fuzzy Hash: c462c773239d946173dbf18e47caa983b3ec1196ebe5b435ccb68ef175641302
Instruction Fuzzy Hash: 5F327132A19BC2C5DAA1EB15E4903EAF364FB84754F80523ADA9D53BA9DF3CD144CB10

Function 00007FF763375EB4 Relevance: 10.8, APIs: 7, Instructions: 286COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7633762E6

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 871cd596d817da1dfca138a3484f660d41bf89ec6fb81b35143c343f2ca51a0b
Instruction ID: 7fc582450ad321f89d2f4d746eba8d3a9ca70d0255f4133bd19ba94e3aeac80e
Opcode Fuzzy Hash: 871cd596d817da1dfca138a3484f660d41bf89ec6fb81b35143c343f2ca51a0b
Instruction Fuzzy Hash: 41C1D022A0C686D5EBE17B1684243BDA6B0FB82B82F85413CDA4D27792CF7DE454C724

Function 00007FF763379934 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 143timeCOMMONLIBRARYCODE

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF763379962

Part of subcall function 00007FF763378DC8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF763378DDC

_get_daylight.LIBCMT ref: 00007FF763379973

Part of subcall function 00007FF763378D68: _invalid_parameter_noinfo.LIBCMT ref: 00007FF763378D7C

_get_daylight.LIBCMT ref: 00007FF763379984

Part of subcall function 00007FF763378D98: _invalid_parameter_noinfo.LIBCMT ref: 00007FF763378DAC

Part of subcall function 00007FF763373E04: RtlFreeHeap.NTDLL(?,?,?,00007FF76337DF72,?,?,?,00007FF76337E2EF,?,?,00000000,00007FF76337C02C,?,?,?,00007FF76337BF5F), ref: 00007FF763373E1A
Part of subcall function 00007FF763373E04: GetLastError.KERNEL32(?,?,?,00007FF76337DF72,?,?,?,00007FF76337E2EF,?,?,00000000,00007FF76337C02C,?,?,?,00007FF76337BF5F), ref: 00007FF763373E24

GetTimeZoneInformation.KERNEL32(00007FF763379C72), ref: 00007FF7633799AB

Strings

Eastern Summer Time, xrefs: 00007FF763379A69
Eastern Standard Time, xrefs: 00007FF763379A51

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _get_daylight_invalid_parameter_noinfo$ErrorFreeHeapInformationLastTimeZone
String ID: Eastern Standard Time$Eastern Summer Time
API String ID: 3458911817-239921721
Opcode ID: ac5588a5ff664b8a5f0424968954f99b69c1fbc099cb9212fbaebeac0ee85e96
Instruction ID: 079b0e4624966ecc21769db707587e1f5d616dd34280fc67d25d876e713160c0
Opcode Fuzzy Hash: ac5588a5ff664b8a5f0424968954f99b69c1fbc099cb9212fbaebeac0ee85e96
Instruction Fuzzy Hash: 8851AB32A18242C6E790FF23E9815A9E7A0FB49785F80423DEA4D67B95DF3CE401C764

Function 00007FF763359960 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 250COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763359D18
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763359D1E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763359D24
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763359D2A

Strings

cores, xrefs: 00007FF763359B96

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: cores
API String ID: 3668304517-2370456839
Opcode ID: a05b6d6b301fc25f31edc7bc7575b86fa9b45acb600edd5d86db558c14c5cc35
Instruction ID: a90fbcf31d97af0dba52d38938590465829d037f5d2c7739c328fd73cfa92084
Opcode Fuzzy Hash: a05b6d6b301fc25f31edc7bc7575b86fa9b45acb600edd5d86db558c14c5cc35
Instruction Fuzzy Hash: 4AB19062F14B858AF700DFB9C0413AC7762EB99368F90532ADE5C36B9ADF789185C350

Function 00007FF763300BD0 Relevance: 4.8, APIs: 3, Instructions: 336COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 42d69556137239d4018a4a046d5d66665d6a6635332840f1875bc2263b5e90c7
Instruction ID: 7c230bb7f49308b2bc36f257827c35ed52ac0d87316b0c57dfd08f3d0ce35d2a
Opcode Fuzzy Hash: 42d69556137239d4018a4a046d5d66665d6a6635332840f1875bc2263b5e90c7
Instruction Fuzzy Hash: 2EF16232A19F8889EB608B69E44135DB7B0F789798F505329EEDC56B99EF7CC180C700

Function 00007FF7633012C0 Relevance: 4.8, APIs: 3, Instructions: 328COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bfdf69b2787f59eeaecb1f115bae47d78ddfe4f3593e2ed65244e29632c2e00d
Instruction ID: e6ed652974ef16056af56213c89d57d2a73ff9c1af3536c1b26366a4d97beb0e
Opcode Fuzzy Hash: bfdf69b2787f59eeaecb1f115bae47d78ddfe4f3593e2ed65244e29632c2e00d
Instruction Fuzzy Hash: 50F15032A19F8889EB608B69E44135DB7B0F789798F505325EEDC56B99EF3CD180C700

Function 00007FF76335A4B0 Relevance: 4.7, APIs: 3, Instructions: 160COMMON

Download Yara Rule

APIs

GetLogicalDriveStringsW.KERNEL32 ref: 00007FF76335A521
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335A746
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335A74C

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$DriveLogicalStrings
String ID:
API String ID: 3916208290-0
Opcode ID: a1fca8bcaa72458f355929caee6bb519fc86481125b0adeec8b7a65b6a98e8be
Instruction ID: 04cbb80127669388d49113c3df8278e1f29ada0f5174b8481690a68ff43ff4a1
Opcode Fuzzy Hash: a1fca8bcaa72458f355929caee6bb519fc86481125b0adeec8b7a65b6a98e8be
Instruction Fuzzy Hash: 7C71A332A18B81C2E7109F25E48039EB771FB84798F505229EA9C23BA9DF7CE1D0D750

Function 00007FF76335A760 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 171timeCOMMON

Download Yara Rule

APIs

GetTimeZoneInformation.KERNEL32 ref: 00007FF76335AAA5

Strings

[UTC, xrefs: 00007FF76335AA72

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: InformationTimeZone
String ID: [UTC
API String ID: 565725191-1715286942
Opcode ID: 212000cced222a5dc7caf820b1ec4ab89a7c66cbca98204d263862c5374b7d4e
Instruction ID: 7115b4aadc3ab484b229025460746e0d9f87c2ecd84cb72a9befd6dd2b87c6cb
Opcode Fuzzy Hash: 212000cced222a5dc7caf820b1ec4ab89a7c66cbca98204d263862c5374b7d4e
Instruction Fuzzy Hash: B091E832619FC889D7718F29E84129AB7A4F399788F105325EACD5BB58EF38D250CB00

Function 00007FF7633416A0 Relevance: 3.1, APIs: 2, Instructions: 86encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32 ref: 00007FF7633416F8
LocalFree.KERNEL32 ref: 00007FF76334178A

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: CryptDataFreeLocalUnprotect
String ID:
API String ID: 1561624719-0
Opcode ID: 4e58c951b7c5e6adfc0a1d9a22f9c6bd733eaecc205548daf511c016fcdcf1dd
Instruction ID: 7676a0f38d7f350e04070689b85ff21a7ea7380aa6b4004c58560cd45f2b216f
Opcode Fuzzy Hash: 4e58c951b7c5e6adfc0a1d9a22f9c6bd733eaecc205548daf511c016fcdcf1dd
Instruction Fuzzy Hash: 3A415932A18B81CAF3209F75D5403AD77A4FB5974CF440239EA8C16E8ADF79D164C354

Function 00007FF763359410 Relevance: 1.5, APIs: 1, Instructions: 36COMMON

Download Yara Rule

APIs

GetUserNameW.ADVAPI32 ref: 00007FF763359455

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: NameUser
String ID:
API String ID: 2645101109-0
Opcode ID: 0871bde2d788b78335871fd266b49462b60068c1f051bbca3e7ae24717f37f63
Instruction ID: def305175c7a6a579fb9dd0baa18013d4e527e812b922fd837c99f17e72709ae
Opcode Fuzzy Hash: 0871bde2d788b78335871fd266b49462b60068c1f051bbca3e7ae24717f37f63
Instruction Fuzzy Hash: B901527291878182E761DF15E4403AAB3A4FB98788F800135E6CD52B55DFBCD194CB40

Function 00007FF763360440 Relevance: 1.5, Strings: 1, Instructions: 215COMMON

Download Yara Rule

Strings

\u%04x, xrefs: 00007FF763360636

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID: \u%04x
API String ID: 0-2916071157
Opcode ID: b91eab7eddda3438d0160b701b9c771a5be05e06c21634bd1e17fd1013c12c1d
Instruction ID: 68332176a54eab3ec66036a2f53df129864d4907bbea3cbf5fb47341fabc33b7
Opcode Fuzzy Hash: b91eab7eddda3438d0160b701b9c771a5be05e06c21634bd1e17fd1013c12c1d
Instruction Fuzzy Hash: 2A81F332A0C646DAEA94EB16D1916BDA761FB86B80F855039CF4E23B91DF3CE554C320

Function 00007FF76335FA58 Relevance: 1.5, Strings: 1, Instructions: 209COMMON

Download Yara Rule

Strings

": , xrefs: 00007FF76335FB35, 00007FF76335FBD5

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID: ":
API String ID: 0-3662656813
Opcode ID: dbd0ed8516a4cc5c4625d639ae940563b17413e68dca520790d84e6f5753e9d8
Instruction ID: 90fba42f6b29381924017ea073e125f2d8c1b05cfd0061d6899fe43eb6d5f4a3
Opcode Fuzzy Hash: dbd0ed8516a4cc5c4625d639ae940563b17413e68dca520790d84e6f5753e9d8
Instruction Fuzzy Hash: 1D912676608A86C2DB60EF26D09466DB761FB89FC8F859026CF4E17B64CF39D158CB10

Function 00007FF7633140B0 Relevance: 1.4, Strings: 1, Instructions: 112COMMON

Download Yara Rule

Strings

ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/, xrefs: 00007FF763314139

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID: ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/
API String ID: 0-1713319389
Opcode ID: 437ae662eb117c41f44ff7f9c77615c2854eafd9d66bebc79b763ab490802efe
Instruction ID: a5ed450523caf9a1e04399d808f898d415cc0cdd916677b25159e7e25190c7e2
Opcode Fuzzy Hash: 437ae662eb117c41f44ff7f9c77615c2854eafd9d66bebc79b763ab490802efe
Instruction Fuzzy Hash: 9941066361D7E089D742CB3A841127DBFB2E366F88B5CC162D7D887746CA2DD206C720

Function 00007FF7633529E0 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 193
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF763358A30: GetUserGeoID.KERNEL32 ref: 00007FF763358A55
Part of subcall function 00007FF763358A30: GetGeoInfoA.KERNEL32 ref: 00007FF763358A6D
Part of subcall function 00007FF763358A30: GetGeoInfoA.KERNEL32 ref: 00007FF763358ABD

Part of subcall function 00007FF763310AC0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763310B94

WSAStartup.WS2_32 ref: 00007FF763352AEC
socket.WS2_32 ref: 00007FF763352B07
htons.WS2_32 ref: 00007FF763352B28
inet_pton.WS2_32 ref: 00007FF763352B55
connect.WS2_32 ref: 00007FF763352B6D
closesocket.WS2_32 ref: 00007FF763352B83
WSACleanup.WS2_32 ref: 00007FF763352B89
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763352CFB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763352D01
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763352D07

Strings

176.124.204.206, xrefs: 00007FF763352B35
geo, xrefs: 00007FF763352A99
system, xrefs: 00007FF763352A5A

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Info$CleanupStartupUserclosesocketconnecthtonsinet_ptonsocket
String ID: 176.124.204.206$geo$system
API String ID: 2440148987-2101002029
Opcode ID: e7f163373f1f68074f436349328a7394993a0486a9352bfce74b1ccfe7400599
Instruction ID: 9034120cf678de0a81f6db0cdf764a86975459e7e8027d6ac0bcefb193e61342
Opcode Fuzzy Hash: e7f163373f1f68074f436349328a7394993a0486a9352bfce74b1ccfe7400599
Instruction Fuzzy Hash: 77919262F08A42C9FB40EF76E4502ACB371EF44358F80563ADA5D66BA9EE3C9145C320

Function 00007FF7633514B0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 192
windowCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF763351320: InitializeCriticalSectionEx.KERNEL32 ref: 00007FF763351371
Part of subcall function 00007FF763351320: GetLastError.KERNEL32 ref: 00007FF76335137B

EnterCriticalSection.KERNEL32 ref: 00007FF7633514F1
GdiplusStartup.GDIPLUS ref: 00007FF763351518
LeaveCriticalSection.KERNEL32 ref: 00007FF763351526
LeaveCriticalSection.KERNEL32 ref: 00007FF763351554
GdipGetImageEncodersSize.GDIPLUS ref: 00007FF763351562
GdipGetImageEncoders.GDIPLUS ref: 00007FF7633515F6
GdipCreateBitmapFromScan0.GDIPLUS ref: 00007FF7633516BA
GdipSaveImageToStream.GDIPLUS ref: 00007FF7633516D8
GdipDisposeImage.GDIPLUS ref: 00007FF76335173D
GdipDisposeImage.GDIPLUS ref: 00007FF763351751

Strings

&, xrefs: 00007FF7633516B4

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Gdip$Image$CriticalSection$DisposeEncodersLeave$BitmapCreateEnterErrorFromGdiplusInitializeLastSaveScan0SizeStartupStream
String ID: &
API String ID: 1703174404-3042966939
Opcode ID: 258f57589f733d9db5dd03cd69d3f576a81e6c4f73ba0decaf4fabaadf714bfa
Instruction ID: cb55345593617f7ddab6b1b7b889d8dfbcb863cdb907f56a6b69348bbedf713a
Opcode Fuzzy Hash: 258f57589f733d9db5dd03cd69d3f576a81e6c4f73ba0decaf4fabaadf714bfa
Instruction Fuzzy Hash: CC910B32E04B42C9EB90EF32D8405A8BBA4FB547A8F85453AEA5E67B94DF3CD541C350

Function 00007FF763340390 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 118
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76334054D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763340553
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763340559
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76334055F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763340565

Strings

port, xrefs: 00007FF763340B84
176.124.204.206, xrefs: 00007FF763340B47
5FbeQM3x+58/nMpdia7AF5DyhKEXonXRJTycAVdLKzI=, xrefs: 00007FF7633406CC
type must be number, but is , xrefs: 00007FF763340F9E, 00007FF763341045
QhoUvbB5PEQ=, xrefs: 00007FF763340754

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: 176.124.204.206$5FbeQM3x+58/nMpdia7AF5DyhKEXonXRJTycAVdLKzI=$QhoUvbB5PEQ=$port$type must be number, but is
API String ID: 3668304517-3327423027
Opcode ID: c89d9505c1229be2380f663996fda926188632ac9c16584dfc2abe87fb9fa606
Instruction ID: 65ddf7d140ad7a53bf2ab9c6e80c5af1e2069c972e533a875d5b38c8e485e019
Opcode Fuzzy Hash: c89d9505c1229be2380f663996fda926188632ac9c16584dfc2abe87fb9fa606
Instruction Fuzzy Hash: 914193A2709685C5FB44EB2AD4583BDA356EB11F88FD04439DA4C2A7ABDF78C4C4C360

Function 00007FF76335AAE6 Relevance: 16.9, APIs: 11, Instructions: 377
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335B0B0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335B0B6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335B0BC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335B0C2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335B0C8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335B0CE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335B0D4
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335B0DA
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335B0E0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335B0E6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335B0EC

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 3e862abfc831c003ca9250d5e42bb48159188533bdbc1e907ac646608f375d00
Instruction ID: f581fb801b6af10a8364c0c3a142f0a5d7db26f46d6f7ea74935ed5262a04d77
Opcode Fuzzy Hash: 3e862abfc831c003ca9250d5e42bb48159188533bdbc1e907ac646608f375d00
Instruction Fuzzy Hash: DFF12963E187C5C5EB419B3AD4043ACA711EB857A4F909326DAAC26BEADF7CD1C0C310

Function 00007FF7633314C0 Relevance: 16.0, APIs: 4, Strings: 5, Instructions: 225COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763331836
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76333183C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763331842
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763331848

Strings

directory_iterator::directory_iterator, xrefs: 00007FF763331490
status, xrefs: 00007FF7633314A0
chrome_key, xrefs: 00007FF763331266, 00007FF763331388
exists, xrefs: 00007FF76333147D, 00007FF763331814, 00007FF763331829
key, xrefs: 00007FF763331015, 00007FF763331142

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: chrome_key$directory_iterator::directory_iterator$exists$key$status
API String ID: 3668304517-2866355200
Opcode ID: 842b569f3b3d82af19ab9c615f90c268fcf32daf0aa98b27de6a646b5b05b21f
Instruction ID: aa5dd28378ab1a6b63594ec805fbfcfa39b345d651dc713491cefe17ffe280bc
Opcode Fuzzy Hash: 842b569f3b3d82af19ab9c615f90c268fcf32daf0aa98b27de6a646b5b05b21f
Instruction Fuzzy Hash: DBA1D672A04B86C6EB40EF65E8443ADB361FB44798F909639EA5D27BA9DF3CD141C310

Function 00007FF763393C08 Relevance: 13.8, APIs: 9, Instructions: 276fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7633937E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF763393829
Part of subcall function 00007FF7633937E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7633938A9
Part of subcall function 00007FF7633937E8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7633938FD
Part of subcall function 00007FF7633937E8: _get_daylight.LIBCMT ref: 00007FF763393955

CreateFileW.KERNEL32 ref: 00007FF763393D0E
CreateFileW.KERNEL32 ref: 00007FF763393D5E
GetLastError.KERNEL32 ref: 00007FF763393D8E
GetFileType.KERNEL32 ref: 00007FF763393DA3
GetLastError.KERNEL32 ref: 00007FF763393DAD
CloseHandle.KERNEL32 ref: 00007FF763393DE0
CloseHandle.KERNEL32 ref: 00007FF763393F44
CreateFileW.KERNEL32 ref: 00007FF763393F79
GetLastError.KERNEL32 ref: 00007FF763393F88

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: File$CreateErrorLast_invalid_parameter_noinfo$CloseHandle$Type_get_daylight
String ID:
API String ID: 1330151763-0
Opcode ID: 6285118774f749e8d84d89f3fc9727a5f198784a2c206228c38fa5836f6e4f91
Instruction ID: c6203a132998269db418f714769b7134b763a82b86c7e797929377ea1076eaa1
Opcode Fuzzy Hash: 6285118774f749e8d84d89f3fc9727a5f198784a2c206228c38fa5836f6e4f91
Instruction Fuzzy Hash: 48C1B377B28A41C5EB50EF6AC8902AC7771FB49BA8B410229DE2E6B7D4DF38D451C350

Function 00007FF763353640 Relevance: 12.7, APIs: 2, Strings: 5, Instructions: 413COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF763384D80: EnterCriticalSection.KERNEL32(?,?,0000000100000000,00007FF763301944), ref: 00007FF763384D90

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763353E0A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763353E10

Strings

encrypted_key, xrefs: 00007FF763353861, 00007FF763353AE2, 00007FF763353B8F
os_crypt, xrefs: 00007FF76335375F, 00007FF763353A30, 00007FF763353ACE, 00007FF763353B7B
Local State, xrefs: 00007FF76335389A
exists, xrefs: 00007FF763353EDF
ios_base::badbit set, xrefs: 00007FF763353E2B, 00007FF763353E68, 00007FF763353EA6

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$CriticalEnterSection
String ID: Local State$encrypted_key$exists$ios_base::badbit set$os_crypt
API String ID: 555700303-529672285
Opcode ID: be5313ba20d33fb6dee1c416b809d7ef15849b19d8d71b149d6cd3c7f336037c
Instruction ID: 76763ab455edee8a78e7a95fd9037c578f0519f74781b21cbca0a89f4af3810f
Opcode Fuzzy Hash: be5313ba20d33fb6dee1c416b809d7ef15849b19d8d71b149d6cd3c7f336037c
Instruction Fuzzy Hash: 5A228632A19BC6D1DAA1EB15E4803EAF760FB84754F80423ADA9D53BA5DF7CD144CB10

Function 00007FF763302BB0 Relevance: 12.3, APIs: 1, Strings: 6, Instructions: 36COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763302C13

Strings

directory_iterator::directory_iterator, xrefs: 00007FF763303C4C, 00007FF763304A78, 00007FF76330644C
filename, xrefs: 00007FF76330371C, 00007FF763304551, 00007FF7633053B1, 00007FF763305A12, 00007FF763305F61
status, xrefs: 00007FF763304A8E, 00007FF76330640E, 00007FF76330641E
content, xrefs: 00007FF7633038D1, 00007FF76330470F, 00007FF7633054D1, 00007FF763305BEC, 00007FF763306134
Wallets, xrefs: 00007FF763303936, 00007FF76330476E, 00007FF763305536, 00007FF763305C51, 00007FF763306199
exists, xrefs: 00007FF763303C2A, 00007FF763304A59, 00007FF7633063CD, 00007FF7633063E8, 00007FF763306485

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: Wallets$content$directory_iterator::directory_iterator$exists$filename$status
API String ID: 3668304517-331726099
Opcode ID: 9d88c9dd596880f603f0a42a7411af62108ce0df9fd998f57afb9c91781c7df9
Instruction ID: 5dd7fa038cebd1949f8e633c0693795f60767546dbc5c9868b3e243704d46efd
Opcode Fuzzy Hash: 9d88c9dd596880f603f0a42a7411af62108ce0df9fd998f57afb9c91781c7df9
Instruction Fuzzy Hash: 50F0B4A2A1468581FB58AB69D00836DA351E705F89F944438C78C1E7D6DF7DC4C1C350

Function 00007FF76335A211 Relevance: 9.2, APIs: 6, Instructions: 163registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32 ref: 00007FF76335A229
RegEnumKeyExA.KERNEL32 ref: 00007FF76335A26E
RegCloseKey.ADVAPI32 ref: 00007FF76335A464
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335A497
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335A4A3
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335A4A9

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$CloseEnumOpen
String ID:
API String ID: 2177193445-0
Opcode ID: 3615f07cb8ff19c576fd6b4f946d3be5ef4fe89864409f7535f8990a94e47d16
Instruction ID: 5ab87da252a58efac24c24426bbcc3a9a4f1667948e0f543ad8bcc0f38c5978a
Opcode Fuzzy Hash: 3615f07cb8ff19c576fd6b4f946d3be5ef4fe89864409f7535f8990a94e47d16
Instruction Fuzzy Hash: 40718272A08B8585FB519B65E44436DA761FB453A8F90022AEBAC27BD5DF7CD0C0D710

Function 00007FF7633341A0 Relevance: 9.0, APIs: 4, Strings: 1, Instructions: 225COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763334516
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76333451C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763334522
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763334528

Strings

exists, xrefs: 00007FF7633344F4, 00007FF763334509

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: exists
API String ID: 3668304517-2996790960
Opcode ID: 5c1235b651781e4c8b750f994b384f3eee359d1db4b594c28ea417f73e0f61af
Instruction ID: 2d9bb5381f2133c853b42cfc7e568a4b46cc0a387e64b8b71ecddd62241c4fc0
Opcode Fuzzy Hash: 5c1235b651781e4c8b750f994b384f3eee359d1db4b594c28ea417f73e0f61af
Instruction Fuzzy Hash: 28A1B672A08B86C6EB50DF65E8443ADB361FB44798F905239EA5D27BA9DF3CD181C310

Function 00007FF763307B00 Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 106COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF76335A4B0: GetLogicalDriveStringsW.KERNEL32 ref: 00007FF76335A521

Part of subcall function 00007FF763307B00: FindFirstFileW.KERNEL32 ref: 00007FF763306ECF

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763307C68
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763307C6E

Strings

filename, xrefs: 00007FF7633074AA
Grabber, xrefs: 00007FF763307609
content, xrefs: 00007FF76330759F

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$DriveFileFindFirstLogicalStrings
String ID: Grabber$content$filename
API String ID: 3820383557-1559270721
Opcode ID: ce80dbb2ecc2378fce3f1c0631002e6034e706b01a79afe46905bdef6ab37b26
Instruction ID: 3845819bca2222ae6455a3bd7ebbc313f74ff65e0ce9b6a750e0d3e5c472033d
Opcode Fuzzy Hash: ce80dbb2ecc2378fce3f1c0631002e6034e706b01a79afe46905bdef6ab37b26
Instruction Fuzzy Hash: A0419562E08645C1EE60AB16E44026AE761EBC57F4F980336E6AD27BE9DF7CD180C710

Function 00007FF76335A1A0 Relevance: 7.6, APIs: 5, Instructions: 96registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32 ref: 00007FF76335A229
RegEnumKeyExA.KERNEL32 ref: 00007FF76335A26E

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: EnumOpen
String ID:
API String ID: 3231578192-0
Opcode ID: a36913a9e4c3cb3fa547cbb311b3305daa72d015cf49b5d665d464c797954e1f
Instruction ID: d461c6f19501426bd17953b32cf92bd43be0e25eac6cde599b2045536dc10670
Opcode Fuzzy Hash: a36913a9e4c3cb3fa547cbb311b3305daa72d015cf49b5d665d464c797954e1f
Instruction Fuzzy Hash: D531B332A04B85C5E761DFA2E8446AEB774FB447A8F600229DE9D27B54DF7CD091C710

Function 00007FF7633597D0 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 45registryCOMMON

Download Yara Rule

APIs

RegGetValueA.KERNEL32 ref: 00007FF763359837

Strings

--type, xrefs: 00007FF7633597D5
SOFTWARE\Microsoft\Windows NT\CurrentVersion, xrefs: 00007FF763359829
ProductName, xrefs: 00007FF763359822

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Value
String ID: --type$ProductName$SOFTWARE\Microsoft\Windows NT\CurrentVersion
API String ID: 3702945584-3762788641
Opcode ID: 9b274ce6bb4d4cdcd3e36ea76c9f110c81100d9485de4f81a8863b0b7cf813e5
Instruction ID: 5bcefc86b9c83b98ca72b4cbe6ad4f5bb3baa6b59f5279d79927128b8296d780
Opcode Fuzzy Hash: 9b274ce6bb4d4cdcd3e36ea76c9f110c81100d9485de4f81a8863b0b7cf813e5
Instruction Fuzzy Hash: 4E113D32908B85C2D7609F22F4413AAF3A4FB99798F900239EADC16B58DFBCD154CB50

Function 00007FF763352470 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32 ref: 00007FF7633524AB
OpenProcessToken.ADVAPI32 ref: 00007FF7633524BC
GetTokenInformation.KERNELBASE ref: 00007FF7633524F4
CloseHandle.KERNEL32 ref: 00007FF763352515

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: ProcessToken$CloseCurrentHandleInformationOpen
String ID:
API String ID: 215268677-0
Opcode ID: 843c4e881ea1c955be678229682ad12d7f62d781caae3c893c8b4e9352b10c93
Instruction ID: 49204a6c8cc589194423599bbadfbf5f5a20ec760964737fd81cf6072d66b054
Opcode Fuzzy Hash: 843c4e881ea1c955be678229682ad12d7f62d781caae3c893c8b4e9352b10c93
Instruction Fuzzy Hash: 24114A32618B82C6E7909F12F84035AF7A0FB84B84F844139EA8D57B18DF3CD415CB50

Function 00007FF76335F620 Relevance: 5.5, APIs: 2, Strings: 1, Instructions: 257COMMON

Download Yara Rule

Strings

os_crypt, xrefs: 00007FF76335F626

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID: os_crypt
API String ID: 0-1885529964
Opcode ID: 6cd1e62ccbf59bc056a7ee45604afab4ca7d3205a5ef0a59b9cdf789acb3c30a
Instruction ID: fd0792b363405f4a37f5ba4d40d49f2b451d91c236fb4856ddd90dd4016d249f
Opcode Fuzzy Hash: 6cd1e62ccbf59bc056a7ee45604afab4ca7d3205a5ef0a59b9cdf789acb3c30a
Instruction Fuzzy Hash: 65A1B132A04B81C6EB50DF26D8443ADB7A0F789BA8F58823ADA8D57795DF3CD480C710

Function 00007FF76334FF00 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 161COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7633501B0: RegOpenKeyExA.KERNEL32 ref: 00007FF763350201
Part of subcall function 00007FF7633501B0: RegCloseKey.ADVAPI32 ref: 00007FF763350213

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763350199
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335019F

Strings

Profiles, xrefs: 00007FF76334FF58

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$CloseOpen
String ID: Profiles
API String ID: 3087652857-1917249382
Opcode ID: 2afd084996fb65d7d85bc09335c39a156f65583df812ce05f705afe239c96caa
Instruction ID: fd8334aa3137f812e368a44cb2b0faf89b8d2784839fb22b579de25351c5419e
Opcode Fuzzy Hash: 2afd084996fb65d7d85bc09335c39a156f65583df812ce05f705afe239c96caa
Instruction Fuzzy Hash: 0271F532A18BC5C5EB50DB66E4403ADB7A1F789798F904236EA9C27BA9DF3CC140C710

Function 00007FF763317540 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 111COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF763317699
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76331769F

Strings

cannot use operator[] with a numeric argument with , xrefs: 00007FF763317A69

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID: cannot use operator[] with a numeric argument with
API String ID: 73155330-485864652
Opcode ID: 47af27a4396b31f4ca52b67e984e374f80d468a776c57d5f4d7245d4691a4da7
Instruction ID: 31d08744aeb921d0bb73ceec397e3985f3bb53698d76acd0378bbd0dfafdd6fb
Opcode Fuzzy Hash: 47af27a4396b31f4ca52b67e984e374f80d468a776c57d5f4d7245d4691a4da7
Instruction Fuzzy Hash: D331E221719782C9EE55BB1BE5042A8E356AB04BE4F980738DE6D1BBD6DE7CE051C310

Function 00007FF763359D30 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 74COMMON

Download Yara Rule

APIs

GetCurrentHwProfileW.ADVAPI32 ref: 00007FF763359D6A

Strings

Unknown, xrefs: 00007FF763359E25
--type, xrefs: 00007FF763359D3B

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: CurrentProfile
String ID: --type$Unknown
API String ID: 2104809126-2669863112
Opcode ID: 69ff7fa0b78fb07a03e9d6b68d909bad007d1af503b55ac48648ab31583b2781
Instruction ID: 561b9dff88eaba51aba6fe73ec73b88fff37b3674b32f0816d11287097a0f95c
Opcode Fuzzy Hash: 69ff7fa0b78fb07a03e9d6b68d909bad007d1af503b55ac48648ab31583b2781
Instruction Fuzzy Hash: 7C31C322A2CBC1C6E660DF15F4402AAF760FB99784F94122AEBCD12A56DF7DD184CB10

Function 00007FF7633501B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 69registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32 ref: 00007FF763350201
RegCloseKey.ADVAPI32 ref: 00007FF763350213

Strings

Profiles, xrefs: 00007FF7633501B7

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: CloseOpen
String ID: Profiles
API String ID: 47109696-1917249382
Opcode ID: 5829549960449d947faf1de599e7bedf2171007a48caf413cec529ae16cd6429
Instruction ID: 8e5b93e394f62b6fb7d4b9316b7dc97b9d34af0cc9d85da966feafd6a6d784cc
Opcode Fuzzy Hash: 5829549960449d947faf1de599e7bedf2171007a48caf413cec529ae16cd6429
Instruction Fuzzy Hash: 6C21DB21B18A41C5FE90AB23F8403AAE760EF54BD8F840135EE4D13B95DF2DD081C710

Function 00007FF763351780 Relevance: 4.6, APIs: 3, Instructions: 87COMMON

Download Yara Rule

APIs

SHGetKnownFolderPath.SHELL32 ref: 00007FF7633517D9
CoTaskMemFree.OLE32 ref: 00007FF76335189A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7633518C2

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: FolderFreeKnownPathTask_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 2444108017-0
Opcode ID: 90aa186b4265c15d4056cd557437e1a9e26daa12c30c1e3e649755021e69193c
Instruction ID: 2af0adbb855c8607ae3da95b62273a967ee8a60205843e81192f4123fa8a9e49
Opcode Fuzzy Hash: 90aa186b4265c15d4056cd557437e1a9e26daa12c30c1e3e649755021e69193c
Instruction Fuzzy Hash: 64319772D1878181E6609F2AE44025AB761FB997F4F50532AFAEC17B95DF7CD180CB00

Function 00007FF763367114 Relevance: 4.6, APIs: 3, Instructions: 72COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF76336713B

Part of subcall function 00007FF7633670D0: _invalid_parameter_noinfo.LIBCMT ref: 00007FF7633670E7

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7633671E8
_local_unwind.LIBVCRUNTIME ref: 00007FF7633671F9

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo$_local_unwind
String ID:
API String ID: 1677304287-0
Opcode ID: 3b153441c32461bfb0eb759f9cc7ec2d93a122d6959f07e27f40eb8d54cdee1f
Instruction ID: 7950f8dca8dc3d622675d61cc270c84f6829c87345456e60b6bb74731c45c8a4
Opcode Fuzzy Hash: 3b153441c32461bfb0eb759f9cc7ec2d93a122d6959f07e27f40eb8d54cdee1f
Instruction Fuzzy Hash: 5121D731A18646C9EA80FB16E4501B9A360EF96B84FD6013AE60E773E2DE3CE114C730

Function 00007FF763359EDB Relevance: 4.6, APIs: 3, Instructions: 68registryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32 ref: 00007FF763359EF7
RegQueryValueExA.KERNEL32 ref: 00007FF763359F36
RegCloseKey.ADVAPI32 ref: 00007FF763359FD4

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: CloseOpenQueryValue
String ID:
API String ID: 3677997916-0
Opcode ID: 8d517d52458f60790962c1463bba805df80deba335e50ef2807d8efda91b40ea
Instruction ID: 3c0e405e493b8bc07ef1e2145ae1438008ed40a4f55e7d518b8b40c87d67ca0e
Opcode Fuzzy Hash: 8d517d52458f60790962c1463bba805df80deba335e50ef2807d8efda91b40ea
Instruction Fuzzy Hash: 7121C772A18785C1EA90DF26E08036AE751EBD57E4F805236EA9D52B95DE2CD084C710

Function 00007FF763358A30 Relevance: 4.6, APIs: 3, Instructions: 50COMMON

Download Yara Rule

APIs

GetUserGeoID.KERNEL32 ref: 00007FF763358A55
GetGeoInfoA.KERNEL32 ref: 00007FF763358A6D
GetGeoInfoA.KERNEL32 ref: 00007FF763358ABD

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Info$User
String ID:
API String ID: 2017065092-0
Opcode ID: abc5036c296a8e57beceb74fdc647dcfa0ac5a3609073149a4a7ea06c52c9197
Instruction ID: 51290938f2e0eca423b8f92b49698769215723d2904c6d32f8373488a1be9a68
Opcode Fuzzy Hash: abc5036c296a8e57beceb74fdc647dcfa0ac5a3609073149a4a7ea06c52c9197
Instruction Fuzzy Hash: 7E11BE33A28785C6D7109F62E41065AB761FB90BC8F445138EF8917B49DF7CE150CB80

Function 00007FF763360A80 Relevance: 3.7, APIs: 1, Strings: 1, Instructions: 157COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763360C85

Strings

ios_base::badbit set, xrefs: 00007FF763360A82

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: ios_base::badbit set
API String ID: 3668304517-3882152299
Opcode ID: 11c821e4b43dbdbc588919d5dc4f424958b90f249a81ad1a8528aeea595e2633
Instruction ID: 385f4d5df23762402a866b5378980d247487ec160846ac7780c33ad99b8fe147
Opcode Fuzzy Hash: 11c821e4b43dbdbc588919d5dc4f424958b90f249a81ad1a8528aeea595e2633
Instruction Fuzzy Hash: 1761CD22B0CA80CAFB419B7A94413FCA371AF5674CF449228DE8D37B95DF38A595C354

Function 00007FF76331B840 Relevance: 3.2, APIs: 2, Instructions: 206COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF76331B9B5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76331B9C1

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: cd8fd92580dba8edd5d65f986a70d68b0eab73f238eba0f6b0a242237305781b
Instruction ID: 60dcee9354ea3923b26977997f2c11425ee4e0cbb7fab33573c4e64314395427
Opcode Fuzzy Hash: cd8fd92580dba8edd5d65f986a70d68b0eab73f238eba0f6b0a242237305781b
Instruction Fuzzy Hash: 2861D222B08B8581E951EB17A50457AB754FB44BE4F948739EEAD2BBD4CF3CE052C310

Function 00007FF7633660D0 Relevance: 3.2, APIs: 2, Instructions: 183COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76336630B
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF763366317

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: 1d6cb4d2482f1ef68bdbd1e68424630939e04501563cd5773f019a30d898e9ac
Instruction ID: 0bd2bec4282ef62fe8af41cae7112047955a9ad9f35f2bc661a67fe3176fbec2
Opcode Fuzzy Hash: 1d6cb4d2482f1ef68bdbd1e68424630939e04501563cd5773f019a30d898e9ac
Instruction Fuzzy Hash: 7B61C222609A41C9EAA0AF57D00427DA761EB06FD4F964639CF6E377D2DE3CE481C310

Function 00007FF763311020 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF76331120F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763311215

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: 046e9d51f2ddea1f7b180091d63b122fa3468643ba29a49ef74c8abe375ff798
Instruction ID: 12694fdbc21fc4ac0aa5f882f5d77c6f57ac294770b2ee93fb725d31afe7532f
Opcode Fuzzy Hash: 046e9d51f2ddea1f7b180091d63b122fa3468643ba29a49ef74c8abe375ff798
Instruction Fuzzy Hash: AC519B32A08B46C5EB96AF2AD4542ACB3A1FB58FE4F944139CE1D633A5DE3CD441C310

Function 00007FF763359550 Relevance: 3.2, APIs: 2, Instructions: 151COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF763352670: __std_fs_get_current_path.LIBCPMT ref: 00007FF7633526E8

GetVolumeInformationW.KERNEL32 ref: 00007FF7633595DD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7633597BE

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: InformationVolume__std_fs_get_current_path_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3375085511-0
Opcode ID: 667e95a111ccc9308dced16a7d399f257838173fc00192af7fc5ce8a679a4a3e
Instruction ID: 550c1a55a1454add6af7e4248802bc542c9041f1e392f18f29c9fe4e63cdcb82
Opcode Fuzzy Hash: 667e95a111ccc9308dced16a7d399f257838173fc00192af7fc5ce8a679a4a3e
Instruction Fuzzy Hash: A4719F32A18B81C9E710DF75E8802ED7774F788758F90422AEA8D67B59EF78D184C750

Function 00007FF7633176B0 Relevance: 3.1, APIs: 2, Instructions: 125COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF763317848
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76331784E

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: 975f2292ed3ab7cd8cb3798530030509bef457a3fbaa49436a981110db01395f
Instruction ID: d146de86ced6d73e0ce05604d3a16161dabc7b6682d10a809ffe5a7881e5b5e2
Opcode Fuzzy Hash: 975f2292ed3ab7cd8cb3798530030509bef457a3fbaa49436a981110db01395f
Instruction Fuzzy Hash: 63410322B08781C1EAA1AB16E10426AF755FB44BD4F980639EFAD17BD9DF7CE040C310

Function 00007FF76333BC80 Relevance: 3.1, APIs: 2, Instructions: 125COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76333BE19
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF76333BE25

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: b67eeb4d8761d791fde975bd1e9a88dcc517fb5f84569c5d75c8d82ec9108bc3
Instruction ID: f13dfe76aff816cc14ea17b64ad0c6a8966bbd8251472769f527fc4d430cb50c
Opcode Fuzzy Hash: b67eeb4d8761d791fde975bd1e9a88dcc517fb5f84569c5d75c8d82ec9108bc3
Instruction Fuzzy Hash: B841D222609B85C1EA64EF16E44427AE3A4FB48BD0FA48639DBAD17B95CF3CD050C310

Function 00007FF7632FFC40 Relevance: 3.1, APIs: 2, Instructions: 123COMMON

Download Yara Rule

APIs

__std_fs_directory_iterator_open.LIBCPMT ref: 00007FF7632FFD53

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: __std_fs_directory_iterator_open
String ID:
API String ID: 4007087469-0
Opcode ID: 94b04f1cb2cf3656ee73b5c6c15997d5b3bfe66093c08fb928735d05e49a60f6
Instruction ID: 8bd4ee409ac49a5981b955924734d1f8e39f4dccf7a0597bcdb9a35d8ff5aedd
Opcode Fuzzy Hash: 94b04f1cb2cf3656ee73b5c6c15997d5b3bfe66093c08fb928735d05e49a60f6
Instruction Fuzzy Hash: FA412663A48642D5EA50AB15E4402BAA391EF857F8F880339EE6C577E5EF3CD0C1C720

Function 00007FF76331B9D0 Relevance: 3.1, APIs: 2, Instructions: 111COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF76331BB3C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76331BB48

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: ffe440de61b82e5f398e9f0ac531d7edb89aedd7f1e7035129276699f07fd964
Instruction ID: 6e93214485ffb00106eaecbb1a8fe0b8a04971be0890f772130c1339ae342abe
Opcode Fuzzy Hash: ffe440de61b82e5f398e9f0ac531d7edb89aedd7f1e7035129276699f07fd964
Instruction Fuzzy Hash: 8D31B062718685C1E995EA57A8041BAF750FB44BE4F948A39EEAD2BBD5CF3CE041C310

Function 00007FF763316D59 Relevance: 3.1, APIs: 2, Instructions: 102COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: f156c46424bb9a348111ed454f692e5fcaf150f18fa80458846ed35b1bb3665e
Instruction ID: 48931ebe1bbe0ac8200e4395c6ef0f926fcb2243403f4008b986ec82f96d5100
Opcode Fuzzy Hash: f156c46424bb9a348111ed454f692e5fcaf150f18fa80458846ed35b1bb3665e
Instruction Fuzzy Hash: 7631B131709641C5EEA5AB56E2042B9F256AF48BE0F880639DF5D1BBD5DE3CE081C320

Function 00007FF76332B750 Relevance: 3.1, APIs: 2, Instructions: 101COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76332B8CB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76332B8D1

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 262b5e8506a9a074d62926610c2e51101e4d88319338fccb5df5ad85ac35eb22
Instruction ID: 850385d78e72b6b8a12a409fd631a01c359504ef6ac1571eece9e509ea41c870
Opcode Fuzzy Hash: 262b5e8506a9a074d62926610c2e51101e4d88319338fccb5df5ad85ac35eb22
Instruction Fuzzy Hash: B741EB62A187C5C6FA50AB2AE44536AF750FB857A4F900339E6EC567D5DF3CD080CB10

Function 00007FF763311A80 Relevance: 3.1, APIs: 2, Instructions: 95COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763311B80
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF763311B8C

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 73155330-0
Opcode ID: f9c8b5776e2933e5e990604a8b11885257ddd64a82d55928efbbbe774be918d6
Instruction ID: c8ee30b895addbba0b515635a71480b181ac14b76f836a6ab72f26e671c58745
Opcode Fuzzy Hash: f9c8b5776e2933e5e990604a8b11885257ddd64a82d55928efbbbe774be918d6
Instruction Fuzzy Hash: 2121F632E05A4185EE99AB16A5002B9A351AF54BB4F648735DA3C13BD5FE7CE4D2C340

Function 00007FF763347AEA Relevance: 3.1, APIs: 2, Instructions: 61synchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF76330E5A0: CreateToolhelp32Snapshot.KERNEL32 ref: 00007FF76330E5E8
Part of subcall function 00007FF76330E5A0: Process32FirstW.KERNEL32 ref: 00007FF76330E62A

Part of subcall function 00007FF76330C9C0: CredEnumerateA.ADVAPI32 ref: 00007FF76330CA22

Part of subcall function 00007FF763357BC0: recv.WS2_32 ref: 00007FF763357D9E

ReleaseMutex.KERNEL32 ref: 00007FF763347B50
CloseHandle.KERNEL32 ref: 00007FF763347B59

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: CloseCreateCredEnumerateFirstHandleMutexProcess32ReleaseSnapshotToolhelp32recv
String ID:
API String ID: 420082584-0
Opcode ID: 984f70c47e4c59795d457a7adcd0c7a85abdb293d432f429c0564b5387438e4d
Instruction ID: 7ca1b0db02018f8258c7c02f604b481fe68bd2e3406ee8178927e086b9d34bed
Opcode Fuzzy Hash: 984f70c47e4c59795d457a7adcd0c7a85abdb293d432f429c0564b5387438e4d
Instruction Fuzzy Hash: 24219D21E0C682C0FAD1BB67A8463FDD215AF45790FC45539E96D3A7D79E2CE484C231

Function 00007FF763376428 Relevance: 3.0, APIs: 2, Instructions: 46COMMONLIBRARYCODE

Download Yara Rule

APIs

SetFilePointerEx.KERNEL32(?,?,?,?,?,00007FF7633763C8,?,?,?,?,?,?,?,00007FF76337651D), ref: 00007FF763376474
GetLastError.KERNEL32(?,?,?,?,?,00007FF7633763C8,?,?,?,?,?,?,?,00007FF76337651D), ref: 00007FF76337647E

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: ErrorFileLastPointer
String ID:
API String ID: 2976181284-0
Opcode ID: 0b289e67f3315a15b91e6abf967764529b2485836cde0f12dbfa8971809dfebb
Instruction ID: bec260c16f26658d84828a3dab8baa7c561b7fe263c95a6723af8c77beb4194d
Opcode Fuzzy Hash: 0b289e67f3315a15b91e6abf967764529b2485836cde0f12dbfa8971809dfebb
Instruction Fuzzy Hash: FE110171A08B81C1DAA0AB26E414169A371EB41FF4F940339EE7D1B7E9CE3CD080C740

Function 00007FF763384E90 Relevance: 3.0, APIs: 2, Instructions: 21COMMONLIBRARYCODE

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF763384EC0

Part of subcall function 00007FF763385CAC: std::bad_alloc::bad_alloc.LIBCMT ref: 00007FF763385CB5

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF763384EC6

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task$std::bad_alloc::bad_alloc
String ID:
API String ID: 1173176844-0
Opcode ID: 405008cc01b437d6d1913cc62f306b0ce1d640e415570274eed73f872d5e1b18
Instruction ID: d8e45352831d520374b67b20dc3a53fac2d92f123afdcc82ed8fb5b4d72c94aa
Opcode Fuzzy Hash: 405008cc01b437d6d1913cc62f306b0ce1d640e415570274eed73f872d5e1b18
Instruction Fuzzy Hash: 75E0EC40E1A207C9FDE976A314160B985480F59774EAC1738E93D287D3AD3CB495C630

Function 00007FF763373E04 Relevance: 3.0, APIs: 2, Instructions: 19memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

RtlFreeHeap.NTDLL(?,?,?,00007FF76337DF72,?,?,?,00007FF76337E2EF,?,?,00000000,00007FF76337C02C,?,?,?,00007FF76337BF5F), ref: 00007FF763373E1A
GetLastError.KERNEL32(?,?,?,00007FF76337DF72,?,?,?,00007FF76337E2EF,?,?,00000000,00007FF76337C02C,?,?,?,00007FF76337BF5F), ref: 00007FF763373E24

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: ErrorFreeHeapLast
String ID:
API String ID: 485612231-0
Opcode ID: 24c1c0facc83508872a16f71c5f3085ae3b42767224b6ebf063ad29e43c36eb2
Instruction ID: 6b339e0ccc035a4d4b6b86d24ac3bc0e89c686c187fdede18f3d8171c6e5473a
Opcode Fuzzy Hash: 24c1c0facc83508872a16f71c5f3085ae3b42767224b6ebf063ad29e43c36eb2
Instruction Fuzzy Hash: 79E08C51F19682C2FF887BF39844078A2609F8A741BC4003CC91EB7761DE3CA891C334

Function 00007FF763312E3D Relevance: 1.8, APIs: 1, Instructions: 256COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76331326D

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: ac5a6e8f024a9f482d4cff9144b48fab1265b49d531ab5f92d373b99ba19e449
Instruction ID: ad051c7594e40fd3c000aeda83b576844d50a59a4822ecc4a6c0973e3f41fdff
Opcode Fuzzy Hash: ac5a6e8f024a9f482d4cff9144b48fab1265b49d531ab5f92d373b99ba19e449
Instruction Fuzzy Hash: E5B18D32F18A41C4EB92EB66D9442ADB761FB04B98F85413ACF4D27B99DF38D491C360

Function 00007FF763322FD0 Relevance: 1.7, APIs: 1, Instructions: 234COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7633232D7

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 64d94acb7bf0318463c15645241ce2c0a0a4af76723e704df93724cb5bdf734c
Instruction ID: 4375bc825503aacda77b92e07a3e1751d8d506d63d99fc4f3c79ca94001729cd
Opcode Fuzzy Hash: 64d94acb7bf0318463c15645241ce2c0a0a4af76723e704df93724cb5bdf734c
Instruction Fuzzy Hash: 52B1AE32704A41CADB609F3AD4907ACB3A1FB48B68F845636EB5E53B99CF39D455C320

Function 00007FF763302C20 Relevance: 1.7, APIs: 1, Instructions: 193COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763302F24

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 112835adffac4f3a2811c593af6f4198d7fcde7becbd26983c8a17c7eba33d23
Instruction ID: a7d4a432564409efb55d72081b7704458632a68392638918a1ff26f972f092b0
Opcode Fuzzy Hash: 112835adffac4f3a2811c593af6f4198d7fcde7becbd26983c8a17c7eba33d23
Instruction Fuzzy Hash: E191CF22E18BC585E751DB79E4403ADA7A0FB99398F541329EADC26B99DF3CD180C710

Function 00007FF763374300 Relevance: 1.6, APIs: 1, Instructions: 105COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF763374328

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: af97434640a838a5f551ed2e2dfffd87e7f6ff24c5d315330158e50efae3ec73
Instruction ID: 9a5aefa42075962fadc0cbe85dc90ea925343ad5d1a72f718092e196d996f195
Opcode Fuzzy Hash: af97434640a838a5f551ed2e2dfffd87e7f6ff24c5d315330158e50efae3ec73
Instruction Fuzzy Hash: AD41D332908205C7EAB4AB1AE440279F3B0EB56B42F900139DB9EA7791CF7DF442C764

Function 00007FF763359280 Relevance: 1.6, APIs: 1, Instructions: 90COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763359407

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: eb959c3f41324018dc16cf4a52fbf3dfdc0a984b8be5d43a60f9f1cd1ee1a301
Instruction ID: 14f04fe1b72c9fb07c0daa9142dc34bc549fc2b57dd8fd2e661a27a72e6ee06d
Opcode Fuzzy Hash: eb959c3f41324018dc16cf4a52fbf3dfdc0a984b8be5d43a60f9f1cd1ee1a301
Instruction Fuzzy Hash: E6413872B15B48CDE7408FB9E4403AC73B6E74979CF005625DE9C66B89EE348164C394

Function 00007FF763327F50 Relevance: 1.6, APIs: 1, Instructions: 87COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF763328075

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: a13861e00e590468816802660cd1da83d972d62d9d49e287459ee2df58605774
Instruction ID: 42ee880bac96837e16d73998681bb950d5bc4763f03acc9815306ea7f0fd3e8b
Opcode Fuzzy Hash: a13861e00e590468816802660cd1da83d972d62d9d49e287459ee2df58605774
Instruction Fuzzy Hash: 38415A73908B41C6DB54DF16E440128B7B0F798F44B558629DB8D57355DF38D8A0C7A4

Function 00007FF763375D98 Relevance: 1.6, APIs: 1, Instructions: 74COMMONLIBRARYCODE

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF763375E8F

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 6f786347a37d4684b13f6cf6e78b2ce699f61a5fd7bf47ee94c93a2a041324e2
Instruction ID: 66f6cd9028851c3a79cf1a50d0eafbdca9afe74747eb3fdfb46deef91e73cd56
Opcode Fuzzy Hash: 6f786347a37d4684b13f6cf6e78b2ce699f61a5fd7bf47ee94c93a2a041324e2
Instruction Fuzzy Hash: 56316F32E18601CAF7957F1694412BCB661AB8ABA2FD1023DD91D277E2CF7CA441C739

Function 00007FF763312B20 Relevance: 1.6, APIs: 1, Instructions: 63COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763312BBD

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 2e4d518ac2133c9683ed8c698cd18f3f674434f9c9dba20d80f23c38ac4b812f
Instruction ID: af44ed575b8c63bec43486b6b3d775afff14e6d6f0300e0f8bc8d856cabf394f
Opcode Fuzzy Hash: 2e4d518ac2133c9683ed8c698cd18f3f674434f9c9dba20d80f23c38ac4b812f
Instruction Fuzzy Hash: 08112876705B49C6DB459F6EE09422C7361FB89F99B918026DF4D57368DF38C890C350

Function 00007FF7633934AC Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF7633934CF

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 4f9b2f8469ee7c7c2fa910a4f0b010034c9d4173bbd88a1f33b49acec34b0f12
Instruction ID: 2704e5d634201b6730000234f9d8e112ca1e36e24639a0babc6b7fdd3a367f6c
Opcode Fuzzy Hash: 4f9b2f8469ee7c7c2fa910a4f0b010034c9d4173bbd88a1f33b49acec34b0f12
Instruction Fuzzy Hash: DC21D772A08641C7DBA1AF1AE840379B7A0FB85B64F944238DA5D577D9EF3CD840CB10

Function 00007FF76338E978 Relevance: 1.6, APIs: 1, Instructions: 54COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF76338E8D5

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 071eab0d2ddb6d97d7b7232e2de0088f1d155ba52ad6f2216ba9fc5c62e5c193
Instruction ID: c9902ff7a47f809489581e1bde540671e914f8bc0dc2abf29e16b45e60d15f2d
Opcode Fuzzy Hash: 071eab0d2ddb6d97d7b7232e2de0088f1d155ba52ad6f2216ba9fc5c62e5c193
Instruction Fuzzy Hash: 6B118C22A1C742C5EAE0BF53940027DE2A0BF86B80F945439EA8D67B96DF7CE441C760

Function 00007FF763353EF0 Relevance: 1.5, APIs: 1, Instructions: 38networkCOMMON

Download Yara Rule

APIs

send.WS2_32 ref: 00007FF763353F38

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: send
String ID:
API String ID: 2809346765-0
Opcode ID: 4e306829149e169d4783c267f1d2206ea130793025a9a04d510cabbcf64490f0
Instruction ID: 21fcae5e169f651089b6f201b37e95f6306abc433fef8b3c0b324303ce26282b
Opcode Fuzzy Hash: 4e306829149e169d4783c267f1d2206ea130793025a9a04d510cabbcf64490f0
Instruction Fuzzy Hash: 3A01A221B18A85C1EB909F1BB940229E7A0FB88FE4F885235EF5E53F58DF28D8518740

Function 00007FF763307671 Relevance: 1.5, APIs: 1, Instructions: 33fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNELBASE ref: 00007FF7633076B4

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: d66c6789144ba1e35efb442882a242fd38313b147d2b64ebd79fbcf9248c3a46
Instruction ID: 5a99979b51ce858c9dc638f841512e428e737d6d8d93f83d5d44de94d9a1e082
Opcode Fuzzy Hash: d66c6789144ba1e35efb442882a242fd38313b147d2b64ebd79fbcf9248c3a46
Instruction Fuzzy Hash: A5014F26608AC2C1DAB0DB56F4542ABB364FB88B94F804036DE8D57B58DF3CD886CB00

Function 00007FF763367814 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF763367833

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: e3199247b15e626e1ff80a5878ee6ff274038b46c14856a595a092b0a0f0e46b
Instruction ID: 553c2f22ea15c79d9f2e0f08955d4c2a267e2a18e1a09798f81c1fc5ed49308e
Opcode Fuzzy Hash: e3199247b15e626e1ff80a5878ee6ff274038b46c14856a595a092b0a0f0e46b
Instruction Fuzzy Hash: 39E0E531A09642C9EB943A6A9141078A1609F067F0FD15338EA3C263C1DE289860C620

Function 00007FF76338B9F8 Relevance: 1.5, APIs: 1, Instructions: 9fileCOMMON

Download Yara Rule

APIs

FindNextFileW.KERNELBASE(?,?,?,?,00007FF7632FFD7B,?,?,?,?,00000000,00000000,FFFFFFFF,?,?,00007FF763313F5F), ref: 00007FF76338B9FC

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: FileFindNext
String ID:
API String ID: 2029273394-0
Opcode ID: 021893cd2ed339d1065ce6c5a318dc70dc0859a0caadd9e5077c2889b17622f9
Instruction ID: d2d99e0513f062509818580fb076a2b8519af1a3e1224a943d205d54318f6fae
Opcode Fuzzy Hash: 021893cd2ed339d1065ce6c5a318dc70dc0859a0caadd9e5077c2889b17622f9
Instruction Fuzzy Hash: 72C04C15F59983C1E69437635C861A25590AB44740FD08538C52C98750DD2C91A7C631

Function 00007FF76338D520 Relevance: 1.5, APIs: 1, Instructions: 6COMMON

Download Yara Rule

APIs

GetNativeSystemInfo.KERNEL32(?,?,?,?,?,?,?,?,?,?,00007FF763359AC8), ref: 00007FF76338D529

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: InfoNativeSystem
String ID:
API String ID: 1721193555-0
Opcode ID: 7625abf66e5e969e873e9ca9c619bb3736778813dbd6fa0c580d282ca7e19459
Instruction ID: d87567d2c84937c4eb22ae2e7199d8207a53125f4a15b56b9140040ad30872ab
Opcode Fuzzy Hash: 7625abf66e5e969e873e9ca9c619bb3736778813dbd6fa0c580d282ca7e19459
Instruction Fuzzy Hash: 18B09226E288C0C3C611FB04E842019B731FB94B08FD00420E28D42B24DE2CDA2ACF00

Function 00007FF76337446C Relevance: 1.3, APIs: 1, Instructions: 36memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,00000000,00007FF763370C66,?,?,8000000000000000,00007FF76336CB85,?,?,?,?,00007FF7633767F4,?,?,?), ref: 00007FF7633744C1

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: ce6335797a4eddad822b84f0a1549a88b3ca4cbb4f04ff5d221c521cf26faf27
Instruction ID: f5caa91989b5df68786871332d9fa13c9872698b10150c97703eff0fcfa3f3cb
Opcode Fuzzy Hash: ce6335797a4eddad822b84f0a1549a88b3ca4cbb4f04ff5d221c521cf26faf27
Instruction Fuzzy Hash: EFF06D54B0A206C1FED577A394052B4D2A41F4AB81F9C553CDD0EA67D1EE2CF4C0E238

Function 00007FF7633767A4 Relevance: 1.3, APIs: 1, Instructions: 29memoryCOMMONLIBRARYCODE

Download Yara Rule

APIs

HeapAlloc.KERNEL32(?,?,?,00007FF763386B53,?,?,?,?,?,?,?,?,0000000100000000,00007FF76338C815), ref: 00007FF7633767E2

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: AllocHeap
String ID:
API String ID: 4292702814-0
Opcode ID: b406b7f263db90f071041f31ea6e7ee73d4bc305731f5b88ce6b24a3c5683e1f
Instruction ID: cbd353f29a23e9e9d364b3c66c0c0ba384b72e9affec6b664cb2c3f39660f2a6
Opcode Fuzzy Hash: b406b7f263db90f071041f31ea6e7ee73d4bc305731f5b88ce6b24a3c5683e1f
Instruction Fuzzy Hash: D0F05E24A0D286C4FAD536A399216B992905F46BF1FC8063CED2EA57C1EE2CE440C234

Non-executed Functions

Function 00007FF76331E419 Relevance: 50.5, APIs: 13, Strings: 15, Instructions: 1482COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76331F8E4

Part of subcall function 00007FF7632FD510: __std_exception_copy.LIBVCRUNTIME ref: 00007FF7632FD553

Part of subcall function 00007FF763387DB4: RtlPcToFileHeader.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF76338C826), ref: 00007FF763387DF8
Part of subcall function 00007FF763387DB4: RaiseException.KERNEL32(?,?,?,?,?,?,?,?,7FFFFFFFFFFFFFFF,00007FF76338C826), ref: 00007FF763387E3E

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76331F9C0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76331F9C6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76331F9CC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76331F9D2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76331F9D8
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF76331FA01
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76331FA70
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76331FA76
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF76331FAC2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76331FB0E

Strings

unexpected key without object, xrefs: 00007FF76331F9DE
*, xrefs: 00007FF76331E65B
No closed word, xrefs: 00007FF76331FA07, 00007FF76331FA2A
/, xrefs: 00007FF76331E622
conditional not closed, xrefs: 00007FF76331FCBB, 00007FF76331FCDE
quote was opened but not closed., xrefs: 00007FF76331F934, 00007FF76331F99D
key declared, but no value, xrefs: 00007FF76331F957, 00007FF76331F97A, 00007FF76331FA7C
#include, xrefs: 00007FF76331ED7A
unexpected '}', xrefs: 00007FF76331FAEB
word wasnt properly ended, xrefs: 00007FF76331FA4D, 00007FF76331FAC8
", xrefs: 00007FF76331E80C
object is not closed with '}', xrefs: 00007FF76331F911
Unexpected eof, xrefs: 00007FF76331F8EA
key opened, but never closed, xrefs: 00007FF76331FA9F
#base, xrefs: 00007FF76331EDA6

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task$ExceptionFileHeaderRaise__std_exception_copy
String ID: "$#base$#include$*$/$No closed word$Unexpected eof$conditional not closed$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
API String ID: 1861853482-2258937249
Opcode ID: 6f46a390516381455ed3b7e9f1244a7de4cac0cfaa7f0e95f4cd53533bb37532
Instruction ID: eaeec783c7c01513cce5e91727d896601c3f4b1ae9dfac5d544853068e18baef
Opcode Fuzzy Hash: 6f46a390516381455ed3b7e9f1244a7de4cac0cfaa7f0e95f4cd53533bb37532
Instruction Fuzzy Hash: FFE29272A08BC6C5EBA1AF26D8403F9B761FB44788F845135DA4D2BB99DF78D185C310

Function 00007FF7633200ED Relevance: 36.1, APIs: 10, Strings: 10, Instructions: 1062COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7633213A0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7633213A6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7633213AC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7633213B2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7633213B8
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7633213E1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763321450
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763321456
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7633214A2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7633214EE

Strings

unexpected key without object, xrefs: 00007FF7633213BE
key declared, but no value, xrefs: 00007FF763321337, 00007FF76332135A, 00007FF76332145C
#include, xrefs: 00007FF76332075A
unexpected '}', xrefs: 00007FF7633214CB
No closed word, xrefs: 00007FF7633213E7, 00007FF76332140A
", xrefs: 00007FF7633201EC
word wasnt properly ended, xrefs: 00007FF76332142D, 00007FF7633214A8
key opened, but never closed, xrefs: 00007FF76332147F
#base, xrefs: 00007FF763320786
quote was opened but not closed., xrefs: 00007FF763321314, 00007FF76332137D

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
String ID: "$#base$#include$No closed word$key declared, but no value$key opened, but never closed$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
API String ID: 3936042273-2543107223
Opcode ID: 18d965921196ec1df1f610757faf78c66ad73ab177f07b132fe41238fd1ce982
Instruction ID: 9ed52ee0c1c1ec363b1c53afb3da607c09dbe65e4c0cd8a74eb09782ebb08ff1
Opcode Fuzzy Hash: 18d965921196ec1df1f610757faf78c66ad73ab177f07b132fe41238fd1ce982
Instruction Fuzzy Hash: 81A2C572A08BC6C5EBA1AF26C8507FDA761FB44788F844139DA4D2BB99DF78D185C310

Function 00007FF763309A59 Relevance: 34.3, APIs: 14, Strings: 5, Instructions: 1060COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7632FEEB0: __std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF7632FEF2E
Part of subcall function 00007FF7632FEEB0: __std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF7632FEF6A

Part of subcall function 00007FF763311990: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7633119E8

Part of subcall function 00007FF7632FF3F0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7632FF450

Part of subcall function 00007FF763310AC0: _invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763310B94

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330AD96
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330ADAC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330ADB2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330ADB8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330ADBE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330ADC4
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330ADCA
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330ADD0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330ADD6
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330ADDC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330ADE2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330ADE8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330ADEE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330ADF4

Strings

filename, xrefs: 00007FF763309C97, 00007FF763309F83, 00007FF76330A7A8
status, xrefs: 00007FF76330AD9F
users, xrefs: 00007FF76330A319
content, xrefs: 00007FF763309CF9, 00007FF763309FDF, 00007FF76330A87B
!, xrefs: 00007FF76330A66F

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_fs_convert_wide_to_narrow
String ID: !$content$filename$status$users
API String ID: 1223724100-3795777748
Opcode ID: 8fe4d0a50f7d0f48ac4d1d61496dbe7c14bcf77aac862f92058017f3301ea0f4
Instruction ID: 899e98b2d6d3507f8c57d3c5961fdfabc01fc2b615dbc69514d5674ed992e6c3
Opcode Fuzzy Hash: 8fe4d0a50f7d0f48ac4d1d61496dbe7c14bcf77aac862f92058017f3301ea0f4
Instruction Fuzzy Hash: A1B2A062A14BC5C9DB61AF35D8403EDB365FB45788F805239EA9D6BB99EF38D240C310

Function 00007FF76333F820 Relevance: 31.8, APIs: 17, Strings: 1, Instructions: 307memorycomCOMMON

Download Yara Rule

APIs

CoInitializeEx.OLE32 ref: 00007FF76333F8CE
CoInitializeSecurity.OLE32 ref: 00007FF76333F982
CoCreateInstance.OLE32 ref: 00007FF76333FA3B
CoSetProxyBlanket.OLE32 ref: 00007FF76333FA89
SysAllocStringByteLen.OLEAUT32 ref: 00007FF76333FAB6
SysFreeString.OLEAUT32 ref: 00007FF76333FAC6
SysAllocStringByteLen.OLEAUT32 ref: 00007FF76333FAE6
SysFreeString.OLEAUT32 ref: 00007FF76333FAF7
SysStringByteLen.OLEAUT32 ref: 00007FF76333FB56
SysFreeString.OLEAUT32 ref: 00007FF76333FBD5
SysFreeString.OLEAUT32 ref: 00007FF76333FBDF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76333FC9C

Strings

@, xrefs: 00007FF76333FA5D

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: String$Free$Byte$AllocInitialize$BlanketCreateInstanceProxySecurity_invalid_parameter_noinfo_noreturn
String ID: @
API String ID: 4083794144-2766056989
Opcode ID: 251b227ba7a1fb980a489014036dc5f27b097793efe4a60789f7e685506b82bc
Instruction ID: ec58cccc5ac61810ee79bcc9b7d387a7bd2c62b9dc37fd90807058514b155682
Opcode Fuzzy Hash: 251b227ba7a1fb980a489014036dc5f27b097793efe4a60789f7e685506b82bc
Instruction Fuzzy Hash: 52D1B022F08781CAF740AF7AD4543ADA3A1EB49798F808639DE9D66B95DF3CE144C310

Function 00007FF7632FACA0 Relevance: 31.0, Strings: 24, Instructions: 1025COMMON

Download Yara Rule

Strings

HTTP User, xrefs: 00007FF7632FC064
POP3 User Name, xrefs: 00007FF7632FB372
IMAP Server, xrefs: 00007FF7632FBD0F
NNTP User Name, xrefs: 00007FF7632FB7EE
SMTP Server, xrefs: 00007FF7632FAF83
IMAP Password, xrefs: 00007FF7632FBE5E
NNTP User, xrefs: 00007FF7632FB930
SMTP Password, xrefs: 00007FF7632FB0E0
POP3 Password, xrefs: 00007FF7632FB55F
POP3 User, xrefs: 00007FF7632FB4B4
Email, xrefs: 00007FF7632FBFB1
HTTPMail Server, xrefs: 00007FF7632FC1E1
IMAP User, xrefs: 00007FF7632FBDB0
POP3 Server, xrefs: 00007FF7632FB413
SMTP Password2, xrefs: 00007FF7632FB181
NNTP Password2, xrefs: 00007FF7632FBA7E
POP3 Password2, xrefs: 00007FF7632FB5FE
NNTP Password, xrefs: 00007FF7632FB9DE
IMAP Password2, xrefs: 00007FF7632FBEFE
IMAP User Name, xrefs: 00007FF7632FBC6E
NNTP Server, xrefs: 00007FF7632FB88F
SMTP User, xrefs: 00007FF7632FB02F
HTTP Server URL, xrefs: 00007FF7632FC121
SMTP User Name, xrefs: 00007FF7632FAED2

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID: Email$HTTP Server URL$HTTP User$HTTPMail Server$IMAP Password$IMAP Password2$IMAP Server$IMAP User$IMAP User Name$NNTP Password$NNTP Password2$NNTP Server$NNTP User$NNTP User Name$POP3 Password$POP3 Password2$POP3 Server$POP3 User$POP3 User Name$SMTP Password$SMTP Password2$SMTP Server$SMTP User$SMTP User Name
API String ID: 0-560833949
Opcode ID: 88317e2a70de5c5ec0c64bc131c99f8842114f81e22e42028fa3f3b6b1b907df
Instruction ID: f1fb65655527805aea1b968ad913ae4de7f6a49f77bc885ecf83caea233568cd
Opcode Fuzzy Hash: 88317e2a70de5c5ec0c64bc131c99f8842114f81e22e42028fa3f3b6b1b907df
Instruction Fuzzy Hash: E8D2B532919BC989D7768F35AC413EA73A8F75978CF505229EB8C2AB19EF749354C300

Function 00007FF7632D6480 Relevance: 30.2, Strings: 24, Instructions: 244COMMON

Download Yara Rule

Strings

ntuser.ini, xrefs: 00007FF7632D6659
bootmgfw.efi, xrefs: 00007FF7632D64F9
bootstat.dat, xrefs: 00007FF7632D6715
iconcache.db, xrefs: 00007FF7632D65DE
bootfont.bin, xrefs: 00007FF7632D6520
ntuser.dat, xrefs: 00007FF7632D6604
mib.bin, xrefs: 00007FF7632D6744
reagent.xml, xrefs: 00007FF7632D682F
winre.wim, xrefs: 00007FF7632D6800
d3d9caps.dat, xrefs: 00007FF7632D66E6
bootsect.bak, xrefs: 00007FF7632D6546
indexervolumeguid, xrefs: 00007FF7632D6773
desktop.ini, xrefs: 00007FF7632D656C
wpsettings.dat, xrefs: 00007FF7632D67A2
gdipfontcachev1.dat, xrefs: 00007FF7632D66B7
ntldr, xrefs: 00007FF7632D6592
bootmgr, xrefs: 00007FF7632D685E
ntuser.dat.log, xrefs: 00007FF7632D662D
thumbs.db, xrefs: 00007FF7632D6688
BOOTNXT, xrefs: 00007FF7632D688D
boot.ini, xrefs: 00007FF7632D64D1
winsipolicy.p7b, xrefs: 00007FF7632D65B8
boot.sdi, xrefs: 00007FF7632D67D1
autorun.inf, xrefs: 00007FF7632D64A8

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID: BOOTNXT$autorun.inf$boot.ini$boot.sdi$bootfont.bin$bootmgfw.efi$bootmgr$bootsect.bak$bootstat.dat$d3d9caps.dat$desktop.ini$gdipfontcachev1.dat$iconcache.db$indexervolumeguid$mib.bin$ntldr$ntuser.dat$ntuser.dat.log$ntuser.ini$reagent.xml$thumbs.db$winre.wim$winsipolicy.p7b$wpsettings.dat
API String ID: 73155330-850610325
Opcode ID: a96eecc44e3043773db0e883680fe3aa9f097c62710d358845abfe4b3a443794
Instruction ID: ffdff67d072f066eef13221ee16fd262800392d603596df93ef10dc28dfd066c
Opcode Fuzzy Hash: a96eecc44e3043773db0e883680fe3aa9f097c62710d358845abfe4b3a443794
Instruction Fuzzy Hash: 03C16952D64BCA84E711DB35C8813F5A361FFEA384F90632AA58C7595AEF68B3C4C350

Function 00007FF76335D700 Relevance: 29.5, APIs: 19, Instructions: 1017stringmemorynativeCOMMON

Download Yara Rule

APIs

RtlAcquirePebLock.NTDLL ref: 00007FF76335D743
NtAllocateVirtualMemory.NTDLL ref: 00007FF76335D778
lstrcpyW.KERNEL32 ref: 00007FF76335D7DA
lstrcatW.KERNEL32 ref: 00007FF76335D891
NtAllocateVirtualMemory.NTDLL ref: 00007FF76335D915
lstrcpyW.KERNEL32 ref: 00007FF76335D9CA
RtlInitUnicodeString.NTDLL ref: 00007FF76335D9DF
RtlInitUnicodeString.NTDLL ref: 00007FF76335D9F4
LdrEnumerateLoadedModules.NTDLL ref: 00007FF76335DA07
RtlReleasePebLock.NTDLL ref: 00007FF76335DA0D

Part of subcall function 00007FF763351780: SHGetKnownFolderPath.SHELL32 ref: 00007FF7633517D9
Part of subcall function 00007FF763351780: CoTaskMemFree.OLE32 ref: 00007FF76335189A

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335DA45
CoInitializeEx.OLE32 ref: 00007FF76335DAB5
lstrcpyW.KERNEL32 ref: 00007FF76335DCBE
lstrcatW.KERNEL32 ref: 00007FF76335DEF5
CoGetObject.OLE32 ref: 00007FF76335DF11
lstrcpyW.KERNEL32 ref: 00007FF76335E671
lstrcatW.KERNEL32 ref: 00007FF76335E8D2
CoGetObject.OLE32 ref: 00007FF76335E8EE
CoUninitialize.OLE32 ref: 00007FF76335EE62

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: lstrcpy$lstrcat$AllocateInitLockMemoryObjectStringUnicodeVirtual$AcquireEnumerateFolderFreeInitializeKnownLoadedModulesPathReleaseTaskUninitialize_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 2979746431-0
Opcode ID: 69eeff7077457ebd5f2efa87dbda7386d0aa3d989cbf95d9af8d4e1f52a335ba
Instruction ID: 441de36127112348bb45c41663b2ce74ac51c81703da224812dd9599caa64b6d
Opcode Fuzzy Hash: 69eeff7077457ebd5f2efa87dbda7386d0aa3d989cbf95d9af8d4e1f52a335ba
Instruction Fuzzy Hash: 64D2AA36629FC58AD7918F29E88169EB3B4F788788F505229EECD57B18EF38C154C740

Function 00007FF7632D60C0 Relevance: 25.2, Strings: 20, Instructions: 208COMMON

Download Yara Rule

Strings

ProgramData, xrefs: 00007FF7632D6355
Application Data, xrefs: 00007FF7632D61AC
AppData, xrefs: 00007FF7632D62F7
$windows.~ws, xrefs: 00007FF7632D6299
config.msi, xrefs: 00007FF7632D61D2
$winreagent, xrefs: 00007FF7632D626D
Program Files (x86), xrefs: 00007FF7632D6411
All users, xrefs: 00007FF7632D6384
Windows.~bt, xrefs: 00007FF7632D62C8
$recycle.bin, xrefs: 00007FF7632D60E8
Windows.old, xrefs: 00007FF7632D61F8
Boot, xrefs: 00007FF7632D6160
ntldr, xrefs: 00007FF7632D6326
PerfLogs, xrefs: 00007FF7632D6244
bootmgr, xrefs: 00007FF7632D63B3
Windows, xrefs: 00007FF7632D6111
$windows.~bt, xrefs: 00007FF7632D621E
#recycle, xrefs: 00007FF7632D6139
Program Files, xrefs: 00007FF7632D63E2
System Volume Information, xrefs: 00007FF7632D6186

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID: #recycle$$recycle.bin$$windows.~bt$$windows.~ws$$winreagent$All users$AppData$Application Data$Boot$PerfLogs$Program Files$Program Files (x86)$ProgramData$System Volume Information$Windows$Windows.old$Windows.~bt$bootmgr$config.msi$ntldr
API String ID: 73155330-2722463023
Opcode ID: ff761d91631aa3f9502625d79d5292476573348136f5d4a02a43359ddd108f2a
Instruction ID: 16496f84c4c6b438869a3dab5f498da0a5868493981b2c21728c5121f60ae210
Opcode Fuzzy Hash: ff761d91631aa3f9502625d79d5292476573348136f5d4a02a43359ddd108f2a
Instruction Fuzzy Hash: 39A18852D64BCAC4E751EB35C8413F5A361FBEA344FA0632AA58C7595ADF68B3C4C310

Function 00007FF763380824 Relevance: 24.0, APIs: 9, Strings: 4, Instructions: 1203COMMON

Download Yara Rule

APIs

fegetenv.LIBCMT ref: 00007FF763380873
_invalid_parameter_noinfo.LIBCMT ref: 00007FF763380EA6
_invalid_parameter_noinfo.LIBCMT ref: 00007FF76338101C
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7633812D8
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7633814F8
_invalid_parameter_noinfo.LIBCMT ref: 00007FF763381733
memcpy_s.LIBCPMT ref: 00007FF76338180E
memcpy_s.LIBCPMT ref: 00007FF7633818B9
memcpy_s.LIBCPMT ref: 00007FF763381989

Part of subcall function 00007FF76336BCB4: _invalid_parameter_noinfo.LIBCMT ref: 00007FF76336BCE6

Strings

1#IND, xrefs: 00007FF763380963
1#QNAN, xrefs: 00007FF76338098F
1#INF, xrefs: 00007FF76338099F
1#SNAN, xrefs: 00007FF763380986

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo$memcpy_s$fegetenv
String ID: 1#IND$1#INF$1#QNAN$1#SNAN
API String ID: 808467561-2761157908
Opcode ID: 529c51e133bdec29678d87a85c3d83eb1136f2ce27c70c96b191372ce4db736a
Instruction ID: a4445080ba6a27c9dd4cc24406b7274d009c69c51c141eb93020234926a9fc4f
Opcode Fuzzy Hash: 529c51e133bdec29678d87a85c3d83eb1136f2ce27c70c96b191372ce4db736a
Instruction Fuzzy Hash: 61B2D272E19282CBE7A59F66D4407FDB6A1FB44388F905139DA1E77B84DB3CA600CB50

Function 00007FF763343670 Relevance: 21.6, APIs: 7, Strings: 5, Instructions: 630COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763344021
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763344027
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76334402D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763344033
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763344039
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76334403F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763344045

Strings

or more] , xrefs: 00007FF763343ECE
[required], xrefs: 00007FF763343F81
[nargs=, xrefs: 00007FF763343ED7
[default: , xrefs: 00007FF763343F44
[nargs: , xrefs: 00007FF763343E92, 00007FF763343EB3

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: or more] $[default: $[nargs: $[nargs=$[required]
API String ID: 3668304517-2670406794
Opcode ID: 29bfa332825ff32d88e04e8b8cb11d07638d852fed181530fe04ea65f0815f08
Instruction ID: f67d3a9a6f4200fd1638135aa5b4ae15669cb52b218889f49e3e30874ba71d00
Opcode Fuzzy Hash: 29bfa332825ff32d88e04e8b8cb11d07638d852fed181530fe04ea65f0815f08
Instruction Fuzzy Hash: 9352B562A08B81C1FB54EB6AD8443ADB761FB457A4F90423ADA9D277D6DF3CE184C310

Function 00007FF763335220 Relevance: 21.4, APIs: 11, Strings: 1, Instructions: 408COMMON

Download Yara Rule

APIs

__std_exception_destroy.LIBVCRUNTIME ref: 00007FF7633353D0
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF7633353DE
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF76333566D
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF76333567B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763335823
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763335829
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76333584C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763335852
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763335858
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76333587B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763335881

Strings

value, xrefs: 00007FF7633352F6, 00007FF76333559D

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_destroy
String ID: value
API String ID: 1346393832-494360628
Opcode ID: 88271e93bfd314610f364f837937c401ec86a8887a5d0b179968ee98ae76f929
Instruction ID: 63a7607d01529265e5aa6a05a07bd9b5422cb9a9f8c5b14e1dd20cdb0fe82709
Opcode Fuzzy Hash: 88271e93bfd314610f364f837937c401ec86a8887a5d0b179968ee98ae76f929
Instruction Fuzzy Hash: 7502E622A19BC1C5FB41DB76D4403ADA761EB853A4F905239FA9D26BDADF7CD180C310

Function 00007FF763339600 Relevance: 14.4, APIs: 6, Strings: 2, Instructions: 363COMMON

Download Yara Rule

APIs

__std_exception_copy.LIBVCRUNTIME ref: 00007FF76333985A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7633398EF
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7633398F5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7633398FB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763339901
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763339907

Strings

parse_error, xrefs: 00007FF76333968C
value, xrefs: 00007FF76333A536

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
String ID: parse_error$value
API String ID: 1944019136-1739288027
Opcode ID: 2fc5d3fea41350fa17fc3e1aa00e37ccfaf1c2611c6308e52872b775bad0d304
Instruction ID: 37fba8bb4a99e3cc562a527f053949265003a2e9bade2c9820c833402cd5c6d9
Opcode Fuzzy Hash: 2fc5d3fea41350fa17fc3e1aa00e37ccfaf1c2611c6308e52872b775bad0d304
Instruction Fuzzy Hash: C3F1B062F18A86C5FB40EB66D4413FDA321EB55398F809235EA5D26BDAEF3CD184C350

Function 00007FF76335DA50 Relevance: 12.8, APIs: 8, Instructions: 839stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF76335D700: RtlAcquirePebLock.NTDLL ref: 00007FF76335D743
Part of subcall function 00007FF76335D700: NtAllocateVirtualMemory.NTDLL ref: 00007FF76335D778
Part of subcall function 00007FF76335D700: lstrcpyW.KERNEL32 ref: 00007FF76335D7DA
Part of subcall function 00007FF76335D700: lstrcatW.KERNEL32 ref: 00007FF76335D891

CoInitializeEx.OLE32 ref: 00007FF76335DAB5
lstrcpyW.KERNEL32 ref: 00007FF76335DCBE
lstrcatW.KERNEL32 ref: 00007FF76335DEF5
CoGetObject.OLE32 ref: 00007FF76335DF11
lstrcpyW.KERNEL32 ref: 00007FF76335E671
lstrcatW.KERNEL32 ref: 00007FF76335E8D2
CoGetObject.OLE32 ref: 00007FF76335E8EE
CoUninitialize.OLE32 ref: 00007FF76335EE62

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: lstrcatlstrcpy$Object$AcquireAllocateInitializeLockMemoryUninitializeVirtual
String ID:
API String ID: 3636535045-0
Opcode ID: 33125db565dc998c7adbbacb9267a4c4f1f59afe7db5753b15395ce550f5eb4b
Instruction ID: aa7fdb3e254fd24412c2e5f6fe243c97397d5fb384735e004d8c343996abb021
Opcode Fuzzy Hash: 33125db565dc998c7adbbacb9267a4c4f1f59afe7db5753b15395ce550f5eb4b
Instruction Fuzzy Hash: 19B2893652AFC58AD7A18F29E88169AB3A4F388784F106215FFCD57B18EF78C254C740

Function 00007FF7633448A0 Relevance: 12.7, APIs: 3, Strings: 4, Instructions: 431COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF763384E90: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF763384EC0
Part of subcall function 00007FF763384E90: Concurrency::cancel_current_task.LIBCPMT ref: 00007FF763384EC6

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763344DA7
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763344DAD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763344F77

Strings

prints version information and exits, xrefs: 00007FF763344C8C
--help, xrefs: 00007FF763344AD4
shows help message and exits, xrefs: 00007FF763344B7B
--version, xrefs: 00007FF763344BE5

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
String ID: --help$--version$prints version information and exits$shows help message and exits
API String ID: 3936042273-1172229024
Opcode ID: e1b930c1560d9a6ca6b2243aba9ac1992d77844dccab8e61e6a5c5b464e5c1e2
Instruction ID: b04ebf3a2ea94fd50c66a466c656eb003385941920b38b690d77c6e62dd20085
Opcode Fuzzy Hash: e1b930c1560d9a6ca6b2243aba9ac1992d77844dccab8e61e6a5c5b464e5c1e2
Instruction Fuzzy Hash: A022CC32A08B81C5E750DF25E8407ADB3A4FB98748F959239DE8D27766EF78D199C300

Function 00007FF763347C20 Relevance: 10.9, APIs: 5, Strings: 1, Instructions: 416COMMON

Download Yara Rule

APIs

GetModuleFileNameW.KERNEL32 ref: 00007FF763347C83
ShellExecuteW.SHELL32 ref: 00007FF7633482EB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763348374
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76334837A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763348380

Strings

--type, xrefs: 00007FF763348395

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$ExecuteFileModuleNameShell
String ID: --type
API String ID: 3435646932-2654721227
Opcode ID: ec6db7150de02d8e9b2120cf22d57e4aa77cda58c9333c21951039a7757e3f81
Instruction ID: b358beac6d0654929a595a8818080e49f471ba533c005f5220dfac9051db6137
Opcode Fuzzy Hash: ec6db7150de02d8e9b2120cf22d57e4aa77cda58c9333c21951039a7757e3f81
Instruction Fuzzy Hash: 56223C32A29FC48AE7808F29E88169DB3A4F788784F505229FEDD57B59EF38D154C740

Function 00007FF76337F148 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 222COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF763370A8C: GetLastError.KERNEL32 ref: 00007FF763370A9B
Part of subcall function 00007FF763370A8C: FlsGetValue.KERNEL32 ref: 00007FF763370AB0
Part of subcall function 00007FF763370A8C: SetLastError.KERNEL32 ref: 00007FF763370B3B

TranslateName.LIBCMT ref: 00007FF76337F1B5
TranslateName.LIBCMT ref: 00007FF76337F1F0
GetACP.KERNEL32(?,?,?,00000000,00000092,00007FF76337167C), ref: 00007FF76337F235
IsValidCodePage.KERNEL32(?,?,?,00000000,00000092,00007FF76337167C), ref: 00007FF76337F25D

Strings

utf8, xrefs: 00007FF76337F341

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: ErrorLastNameTranslate$CodePageValidValue
String ID: utf8
API String ID: 1791977518-905460609
Opcode ID: c639ea29ff2223611d1607500ef9607e403d74a87a68d05e1ae74b1fb23a3b06
Instruction ID: fe8a659ced081868a6fc13b8f25a6e7269f3eebfac85e3ea81f4b96f8f939bc8
Opcode Fuzzy Hash: c639ea29ff2223611d1607500ef9607e403d74a87a68d05e1ae74b1fb23a3b06
Instruction Fuzzy Hash: 1E91AA36A08742C6EBA4BF22D4412B9A3B0FB86B81F844139DE5C67785DF3CE541C728

Function 00007FF76337FB7C Relevance: 10.7, APIs: 7, Instructions: 171COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF763370A8C: GetLastError.KERNEL32 ref: 00007FF763370A9B
Part of subcall function 00007FF763370A8C: FlsGetValue.KERNEL32 ref: 00007FF763370AB0
Part of subcall function 00007FF763370A8C: SetLastError.KERNEL32 ref: 00007FF763370B3B

Part of subcall function 00007FF763370A8C: FlsSetValue.KERNEL32 ref: 00007FF763370AD1
Part of subcall function 00007FF763370A8C: FlsGetValue.KERNEL32 ref: 00007FF763370B71

GetUserDefaultLCID.KERNEL32(?,00000000,00000092,?), ref: 00007FF76337FCEC

Part of subcall function 00007FF763370A8C: FlsSetValue.KERNEL32 ref: 00007FF763370AFE
Part of subcall function 00007FF763370A8C: FlsSetValue.KERNEL32 ref: 00007FF763370B0F
Part of subcall function 00007FF763370A8C: FlsSetValue.KERNEL32 ref: 00007FF763370B20
Part of subcall function 00007FF763370A8C: FlsSetValue.KERNEL32 ref: 00007FF763370B90
Part of subcall function 00007FF763370A8C: FlsSetValue.KERNEL32 ref: 00007FF763370BB8

EnumSystemLocalesW.KERNEL32(?,00000000,00000092,?,?,00000000,?,00007FF763371675), ref: 00007FF76337FCD3
ProcessCodePage.LIBCMT ref: 00007FF76337FD16
IsValidCodePage.KERNEL32 ref: 00007FF76337FD28
IsValidLocale.KERNEL32 ref: 00007FF76337FD3E
GetLocaleInfoW.KERNEL32 ref: 00007FF76337FD9A
GetLocaleInfoW.KERNEL32 ref: 00007FF76337FDB6

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Value$Locale$CodeErrorInfoLastPageValid$DefaultEnumLocalesProcessSystemUser
String ID:
API String ID: 2591520935-0
Opcode ID: 8fe74223d010cdf23bbaed2293233460185b379beb42cca2b39d3ff693acabf0
Instruction ID: 85203184a89d8d46a0362cd42b5a0d2fee4442f99cd6c81c107a5912774a5174
Opcode Fuzzy Hash: 8fe74223d010cdf23bbaed2293233460185b379beb42cca2b39d3ff693acabf0
Instruction Fuzzy Hash: 12715D22B08656C9FB90AB62D4506B8B3F0BF4A745F84403ACE1D677D5EF3CA545C364

Function 00007FF7633683E8 Relevance: 9.1, APIs: 6, Instructions: 83COMMONLIBRARYCODE

Download Yara Rule

APIs

RtlCaptureContext.KERNEL32 ref: 00007FF763368461
RtlLookupFunctionEntry.KERNEL32 ref: 00007FF763368479
RtlVirtualUnwind.KERNEL32 ref: 00007FF7633684B4
IsDebuggerPresent.KERNEL32 ref: 00007FF7633684ED
SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF7633684F7
UnhandledExceptionFilter.KERNEL32 ref: 00007FF763368502

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: ExceptionFilterUnhandled$CaptureContextDebuggerEntryFunctionLookupPresentUnwindVirtual
String ID:
API String ID: 1239891234-0
Opcode ID: a0623ba61f08f5fe629988ead490c086d0c0d6930e11c71ea404e3dd4b904fa3
Instruction ID: fb328c5e23097b6f97d09e9d171713b7748af530b2ba9d6e1c4696aa4dc3edd5
Opcode Fuzzy Hash: a0623ba61f08f5fe629988ead490c086d0c0d6930e11c71ea404e3dd4b904fa3
Instruction Fuzzy Hash: CC31B332608F81C6EBA0DF26E8402AEB7A4FB89754F940139EA9D57B54DF3CC555CB10

Function 00007FF76336B7B0 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 329COMMON

Download Yara Rule

APIs

memcpy_s.LIBCPMT ref: 00007FF76336B81A
memcpy_s.LIBCPMT ref: 00007FF76336B845

Strings

, xrefs: 00007FF76336B978

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: memcpy_s
String ID:
API String ID: 1502251526-3916222277
Opcode ID: c10be92ccd777733aec77242fd83f6c250c9f7e3d5896467feec955041489aac
Instruction ID: 25f789854ade177eed50ab9fc6d835a2df43c4044f8159ddb65eabdd5a5e7c7f
Opcode Fuzzy Hash: c10be92ccd777733aec77242fd83f6c250c9f7e3d5896467feec955041489aac
Instruction Fuzzy Hash: B1C1E372A18286CBD7A0DF17E048A6AF795F785784F858139EB4E6B744DB3CE901CB10

Function 00007FF76338DC60 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 42COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF76338DCC1
IsDebuggerPresent.KERNEL32 ref: 00007FF76338DCD9
OutputDebugStringW.KERNEL32 ref: 00007FF76338DCEA

Strings

ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00007FF76338DCE3

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: DebugDebuggerErrorLastOutputPresentString
String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
API String ID: 389471666-631824599
Opcode ID: 5c7395dc388ac93676d6db0d40de6010577d7fa9f7f31d3abeba2b9718ad71c6
Instruction ID: b8c196b9016eee457b415a5e814920376c58e0ae991e06af03d60b65081b5e00
Opcode Fuzzy Hash: 5c7395dc388ac93676d6db0d40de6010577d7fa9f7f31d3abeba2b9718ad71c6
Instruction Fuzzy Hash: D2113D32A14B82D7E784AB23E5443B9B2A4FF04745F804139CA5D56B50EF7CE0B4C720

Function 00007FF76336FBD0 Relevance: 6.1, APIs: 4, Instructions: 81memoryCOMMON

Download Yara Rule

APIs

VirtualQuery.KERNEL32 ref: 00007FF76336FC20
GetSystemInfo.KERNEL32 ref: 00007FF76336FC37
VirtualAlloc.KERNEL32 ref: 00007FF76336FCA4
VirtualProtect.KERNEL32 ref: 00007FF76336FCBE

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Virtual$AllocInfoProtectQuerySystem
String ID:
API String ID: 3562403962-0
Opcode ID: d8d05873cc0ad23a6227d848cec7d083f47c87653e05dd80255be0592c12f254
Instruction ID: 86531829cc259a241517c6401c16c1ae439fcbc37ac7362e1381778e85b958bb
Opcode Fuzzy Hash: d8d05873cc0ad23a6227d848cec7d083f47c87653e05dd80255be0592c12f254
Instruction Fuzzy Hash: B2314B32714A81CEEB50EF36D8407E867A5FB09B88F84403ADA0D9BB44DE3CE645C750

Function 00007FF763385CD8 Relevance: 6.0, APIs: 4, Instructions: 39timethreadCOMMON

Download Yara Rule

APIs

GetSystemTimeAsFileTime.KERNEL32 ref: 00007FF763385D04
GetCurrentThreadId.KERNEL32 ref: 00007FF763385D12
GetCurrentProcessId.KERNEL32 ref: 00007FF763385D1E
QueryPerformanceCounter.KERNEL32 ref: 00007FF763385D2E

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: CurrentTime$CounterFilePerformanceProcessQuerySystemThread
String ID:
API String ID: 2933794660-0
Opcode ID: 2ac89b5fea08dda77e100734bc6dd1b2318c7a5e5bcdef592d09e1a64040e310
Instruction ID: ce513b824cda728e5bc83819392f98994c1f75248e90ca8965a3f72355432702
Opcode Fuzzy Hash: 2ac89b5fea08dda77e100734bc6dd1b2318c7a5e5bcdef592d09e1a64040e310
Instruction Fuzzy Hash: 09117026B14F02C9EB40DF61E8542B873A4F718758F840E35DAAD56BA4DF7CD194C350

Function 00007FF763348980 Relevance: 5.7, APIs: 2, Strings: 1, Instructions: 499COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763348C67
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763348F53

Strings

%, xrefs: 00007FF763348F8E

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: %
API String ID: 3668304517-2567322570
Opcode ID: e3bf12713740de0f426eb16773a4e3a8c56b7ca0e6a832e220c648acd7c70913
Instruction ID: c6cd87fb2fc4d7569ccdd67e4752d9012dbb5a148ad5b6386b549a1bf8e62b9d
Opcode Fuzzy Hash: e3bf12713740de0f426eb16773a4e3a8c56b7ca0e6a832e220c648acd7c70913
Instruction Fuzzy Hash: C5123522B08685C9F7559B66D8103FDB761AB55788F844139DE4D3BB8ADF3CD448C3A0

Function 00007FF76338B634 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39windowCOMMON

Download Yara Rule

APIs

GetLocaleInfoEx.KERNEL32(?,?,?,?,?,?,00000000,00007FF7632FDF29), ref: 00007FF76338B65A
FormatMessageA.KERNEL32 ref: 00007FF76338B689

Strings

!x-sys-default-locale, xrefs: 00007FF76338B64D

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: FormatInfoLocaleMessage
String ID: !x-sys-default-locale
API String ID: 4235545615-2729719199
Opcode ID: 524e3a65a531c01bd4bfd41e549e365538079e1841d07b699c799e17f4840897
Instruction ID: 82446de39af939416c9dc49626a91b600dafb68bbe1aa96fa8bf947555094177
Opcode Fuzzy Hash: 524e3a65a531c01bd4bfd41e549e365538079e1841d07b699c799e17f4840897
Instruction Fuzzy Hash: E2019E72B0878282EB609B12F4407B9BBA2FB88794F844139EA5D66B89CF3CD445C710

Function 00007FF76331C4E0 Relevance: 4.8, APIs: 3, Instructions: 257COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e26a54fae50cf6d0c152cbd76e3d92c0e3f1b924993c3f9af7ddc82fa085cf11
Instruction ID: 5279654d144af7963c60aebc9f40da30e017355f72ed98cb1142ee1d4cbd4de4
Opcode Fuzzy Hash: e26a54fae50cf6d0c152cbd76e3d92c0e3f1b924993c3f9af7ddc82fa085cf11
Instruction Fuzzy Hash: DE91E072B19B89C1EE54EB1AE4505A9F3A4FB58BC0B94403AEE8D57758DF3CD191C310

Function 00007FF763307C80 Relevance: 4.6, APIs: 3, Instructions: 145encryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32 ref: 00007FF763307D0D
LocalFree.KERNEL32 ref: 00007FF763307D9F
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763307E86

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: CryptDataFreeLocalUnprotect_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 2610421622-0
Opcode ID: 77944de7a45d9015c2a24ca5dd6cb00f6c331963efd3e3576b95a0ce3d995bb6
Instruction ID: 7d1dbaedd091d403b9f5605fd1ce2135385f033eaa0a8a0aa04820525ca51348
Opcode Fuzzy Hash: 77944de7a45d9015c2a24ca5dd6cb00f6c331963efd3e3576b95a0ce3d995bb6
Instruction Fuzzy Hash: A5616A32B14B81CAF750AF75D4403ADB3A1EB5878CF404239EA8D26B99DF78D594C350

Function 00007FF763346720 Relevance: 4.0, APIs: 1, Strings: 1, Instructions: 506COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763346EBD

Strings

-, xrefs: 00007FF7633469E1

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: -
API String ID: 3668304517-2547889144
Opcode ID: f9a4a7eb24ca7097e4a03f9841305f6c701a90c6d8e525e9717dd9b3478dda0d
Instruction ID: 3cb8ec5f366af48b8f2c376adbe7dda7cf2ec3afcba5fca8cc4d01bf5da43945
Opcode Fuzzy Hash: f9a4a7eb24ca7097e4a03f9841305f6c701a90c6d8e525e9717dd9b3478dda0d
Instruction Fuzzy Hash: A822C522A08B91C6FB50DF26D8402ADB7A1FB45798F904539EF9D27B9ADF38D484C310

Function 00007FF763374A5C Relevance: 3.5, APIs: 1, Strings: 1, Instructions: 37COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLocaleInfoW.KERNEL32(?,?,?,?,?,00007FF76337184E), ref: 00007FF763374AD0

Strings

GetLocaleInfoEx, xrefs: 00007FF763374A78, 00007FF763374A89

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: InfoLocale
String ID: GetLocaleInfoEx
API String ID: 2299586839-2904428671
Opcode ID: 48c8ba2ab909c589d8f3a54eaaeee6d023891dddf4428f91815a6c587b1413cc
Instruction ID: 235aa7083ddbd1a072105702bb7a24af45cd94f9ae38f335f846727c3a0da593
Opcode Fuzzy Hash: 48c8ba2ab909c589d8f3a54eaaeee6d023891dddf4428f91815a6c587b1413cc
Instruction Fuzzy Hash: 7401A721B08A81C5E7C4AB57B8000A6E760FF89BD1F944139EE5D27B95CE3CE541C754

Function 00007FF763346080 Relevance: 3.4, APIs: 2, Instructions: 361COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7633465C1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7633465C7

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 70cd9e7d658119a16aaf4246b5890b4d52ec64eaa5aaf6a012302e172bd4e19b
Instruction ID: f668d9e4e9e9f1ad18f909b1984fd4c368572841f23d271a3d71cfd9744c403b
Opcode Fuzzy Hash: 70cd9e7d658119a16aaf4246b5890b4d52ec64eaa5aaf6a012302e172bd4e19b
Instruction Fuzzy Hash: E8E1B322A08B91C1FB90AF26D84436DA761FB45B94F844239DE9D23BDADF7CE485C310

Function 00007FF7633785DC Relevance: 3.2, APIs: 2, Instructions: 232COMMONLIBRARYCODE

Download Yara Rule

APIs

_clrfp.LIBCMT ref: 00007FF76337882B
RaiseException.KERNEL32 ref: 00007FF76337883C

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: ExceptionRaise_clrfp
String ID:
API String ID: 15204871-0
Opcode ID: d3f8887b7b8b3517747a6c22ca831dda960a01a1d0f15fe4b7d9d18be4f800f7
Instruction ID: 82b09c9c400f180e0cbbfb4ab1af6d091e6546b8a1f7e45edce4e6851fbe9e14
Opcode Fuzzy Hash: d3f8887b7b8b3517747a6c22ca831dda960a01a1d0f15fe4b7d9d18be4f800f7
Instruction Fuzzy Hash: 34B18B77600B88CBEB55CF2AC882368B7B0F745B89F488829DB5D8B7A4CB39D411C710

Function 00007FF7633018F0 Relevance: 2.7, Strings: 2, Instructions: 229COMMON

Download Yara Rule

Strings

dumps, xrefs: 00007FF76330196C
emoji, xrefs: 00007FF763301997

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: CriticalEnterSection
String ID: dumps$emoji
API String ID: 1904992153-2873254224
Opcode ID: 092ff418cf0c40e3f20b61d1c30a2f04bd5a03ef75a1f2bccf0fc08b948617e8
Instruction ID: 8b306f4803e956dba1abe39ba97155dafcbe0616082633e4d8b2e0602bd29247
Opcode Fuzzy Hash: 092ff418cf0c40e3f20b61d1c30a2f04bd5a03ef75a1f2bccf0fc08b948617e8
Instruction Fuzzy Hash: E4C17C32E15F85C9E740DF36E9811A8B3B1FB59788B405279EE8C26B59EF38E160C354

Function 00007FF76333DBD0 Relevance: 1.7, APIs: 1, Instructions: 231COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF76333DEEC

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: ce6420c4d04a0fe96625aeb9a715c5e061a1ef034888a1cb16f3a0d50e60645b
Instruction ID: 195fb2c0c4a7f6c648b5fca463262c6bc05cdce256aa9906aad362e5804d5b28
Opcode Fuzzy Hash: ce6420c4d04a0fe96625aeb9a715c5e061a1ef034888a1cb16f3a0d50e60645b
Instruction Fuzzy Hash: 3AA16822A19B99C9FB41CB6AD4803AC7B70BB19748F94842ADF8D67B55DF3CD091C360

Function 00007FF76333D8B0 Relevance: 1.7, APIs: 1, Instructions: 221COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF76333DBC4

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 3385634120feb312b940f20433d6ccba510a8324adb36212ce1dd2450b4516d7
Instruction ID: 70cb07f88fb1b7812aafda9fdda625cfb0120fd37bbca9249b19b02fd66e90bd
Opcode Fuzzy Hash: 3385634120feb312b940f20433d6ccba510a8324adb36212ce1dd2450b4516d7
Instruction Fuzzy Hash: 4BA15822A19B99C9FB40DB6AD4803ACB770FB59748F94842ACB8D67755DF3CD091C360

Function 00007FF76333D590 Relevance: 1.7, APIs: 1, Instructions: 221COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF76333D8A4

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: befd39ce9c16a882e63783290c6ed6883a33189ba1b74a57d8bcd32ab303fc76
Instruction ID: 7436171b67a120781e37b34a9fcaea61a449062c33d082af37ced5ee961ca409
Opcode Fuzzy Hash: befd39ce9c16a882e63783290c6ed6883a33189ba1b74a57d8bcd32ab303fc76
Instruction Fuzzy Hash: 44A18A22A08B95C9FB40DB6AD4803ACA770FB59748F94842ADF8D67755DF3CE091C360

Function 00007FF76333D260 Relevance: 1.7, APIs: 1, Instructions: 220COMMON

Download Yara Rule

APIs

Concurrency::cancel_current_task.LIBCPMT ref: 00007FF76333D589

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task
String ID:
API String ID: 118556049-0
Opcode ID: 6984bc12ee70109b5625062afeaa56f6819c6c30e71561ed82d7f8c24550cf89
Instruction ID: da8a395990678e8460f42b62f9660dd839384563591226eaac6f73b9943a17dc
Opcode Fuzzy Hash: 6984bc12ee70109b5625062afeaa56f6819c6c30e71561ed82d7f8c24550cf89
Instruction Fuzzy Hash: BFA18C22A18B95C9FB41CBAAD4803ACB771FB59748F94812ADF8D67755DF38E091C310

Function 00007FF763393570 Relevance: 1.7, APIs: 1, Instructions: 182COMMON

Download Yara Rule

APIs

_get_daylight.LIBCMT ref: 00007FF7633935D3

Part of subcall function 00007FF76338E2CC: _invalid_parameter_noinfo.LIBCMT ref: 00007FF76338E2E0

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _get_daylight_invalid_parameter_noinfo
String ID:
API String ID: 474895018-0
Opcode ID: 0f622ff60f30d3780f80892d390401e18fc4cc141069fbff87909c5ebbf4c4d7
Instruction ID: 258355ff17c710b54af0a8bb6fbbc9b9f4bc022addaf958f56ceca082d5dd267
Opcode Fuzzy Hash: 0f622ff60f30d3780f80892d390401e18fc4cc141069fbff87909c5ebbf4c4d7
Instruction Fuzzy Hash: 4361A5A2F08192C5F6E0A92A8C40779E3A19F51770F95023DE92DA67C5FE7DEC40CA21

Function 00007FF76337F494 Relevance: 1.6, APIs: 1, Instructions: 61COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF763370A8C: GetLastError.KERNEL32 ref: 00007FF763370A9B
Part of subcall function 00007FF763370A8C: FlsGetValue.KERNEL32 ref: 00007FF763370AB0
Part of subcall function 00007FF763370A8C: SetLastError.KERNEL32 ref: 00007FF763370B3B

EnumSystemLocalesW.KERNEL32(?,?,?,00007FF76337FC7F,?,00000000,00000092,?,?,00000000,?,00007FF763371675), ref: 00007FF76337F532

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: cc2bc9e5fcae19234eddfb96daa48b4922628108c99e4c85fcc2e58e09fc0afd
Instruction ID: fa3e7892875e08bc60d4699e8eeb25c44c3106f8a0e612d7c72f720f0da132f3
Opcode Fuzzy Hash: cc2bc9e5fcae19234eddfb96daa48b4922628108c99e4c85fcc2e58e09fc0afd
Instruction Fuzzy Hash: AF11D267A08645CAEB95AF26E4406B8BBF0FB81BE1F848139C66D533C0DA38D5D1C750

Function 00007FF76337F564 Relevance: 1.5, APIs: 1, Instructions: 41COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF763370A8C: GetLastError.KERNEL32 ref: 00007FF763370A9B
Part of subcall function 00007FF763370A8C: FlsGetValue.KERNEL32 ref: 00007FF763370AB0
Part of subcall function 00007FF763370A8C: SetLastError.KERNEL32 ref: 00007FF763370B3B

EnumSystemLocalesW.KERNEL32(?,?,?,00007FF76337FC3B,?,00000000,00000092,?,?,00000000,?,00007FF763371675), ref: 00007FF76337F5E2

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: ErrorLast$EnumLocalesSystemValue
String ID:
API String ID: 3029459697-0
Opcode ID: 2d81400be64530b408a616b22bdcfe61cbf2ce0941f0ce553624850de7d5f966
Instruction ID: 1a9c22a2f0728d4d399e2d19d54115a334b2e172773e1d217f1a6de776c3ddc4
Opcode Fuzzy Hash: 2d81400be64530b408a616b22bdcfe61cbf2ce0941f0ce553624850de7d5f966
Instruction Fuzzy Hash: 4B01F562E08282C6E7906F17E4407B9B6F1FB41BA6F84833AC22D573C4CF789884C714

Function 00007FF763374518 Relevance: 1.5, APIs: 1, Instructions: 32COMMONLIBRARYCODE

Download Yara Rule

APIs

EnumSystemLocalesW.KERNEL32(?,?,00000000,00007FF76337496B,?,?,?,?,?,?,?,?,00000000,00007FF76337EAE0), ref: 00007FF763374567

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: EnumLocalesSystem
String ID:
API String ID: 2099609381-0
Opcode ID: 01640a15c2b896cce9415d7a2c1ad7323f2ceef46adc31f8481a253780bbeb1f
Instruction ID: 6eb2aa20b2bfcc406bf5d384c92c304886c1d64a93ce9955fdb62c40c3aef6f9
Opcode Fuzzy Hash: 01640a15c2b896cce9415d7a2c1ad7323f2ceef46adc31f8481a253780bbeb1f
Instruction Fuzzy Hash: 4EF08C76B08B41C2E740EB66F9501A9B371FB99B80F848139EA4DA3365CF3CD461C350

Function 00007FF763376B2C Relevance: 1.5, Strings: 1, Instructions: 260COMMON

Download Yara Rule

Strings

gfffffff, xrefs: 00007FF763376E8B

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID: gfffffff
API String ID: 0-1523873471
Opcode ID: 47307880288f6578f87132817073c4c2bb16437997dd627ef4aa9327bb89f433
Instruction ID: e61eb801fcca94e68633a63b970522c0254182abefa0ab2e7fc630457fd9ab00
Opcode Fuzzy Hash: 47307880288f6578f87132817073c4c2bb16437997dd627ef4aa9327bb89f433
Instruction Fuzzy Hash: D0A18862B183C6C6EBA1DB26D0207A9BBA1EB527C4F448039DE4D67785DE3DE405C710

Function 00007FF76336DABC Relevance: 1.5, Strings: 1, Instructions: 250COMMON

Download Yara Rule

Strings

, xrefs: 00007FF76336DCA2

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID: 0-3916222277
Opcode ID: 3fac53d13e13ef411f149e61d5ad2ea6a8a0273fbc02724b4dee553905c8a803
Instruction ID: eacae8de9f60e8826bebf6764c908f8b3a95d9b6150968a2b64cda9934ff34aa
Opcode Fuzzy Hash: 3fac53d13e13ef411f149e61d5ad2ea6a8a0273fbc02724b4dee553905c8a803
Instruction Fuzzy Hash: 3BB18372908785C9E7A4AF2A805013CBBA0EF46B48F76013DCA4E77395CF79D451C765

Function 00007FF7632F6770 Relevance: .8, Instructions: 804COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3782ae6a6e8d34298428d3b5efb726587602eb5fff82e6c6db1d75094522a651
Instruction ID: fc06f4355eabbd893124fc4c15d3ad9369125d469c4b4769720248717277e5c2
Opcode Fuzzy Hash: 3782ae6a6e8d34298428d3b5efb726587602eb5fff82e6c6db1d75094522a651
Instruction Fuzzy Hash: 84A2F972919FC88AD7718F25E8412EAB7A4F799788F505325EACC26B19EF38D250C704

Function 00007FF7632F9760 Relevance: .8, Instructions: 792COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5652fc21f92205e3397b4ebf23249a0e7dc57028e4a0d7b597c479a727f4e2f8
Instruction ID: 604a9eeb9aa376803f2a8f7186d26a588a755b18b01849de459e370565d6cc8e
Opcode Fuzzy Hash: 5652fc21f92205e3397b4ebf23249a0e7dc57028e4a0d7b597c479a727f4e2f8
Instruction Fuzzy Hash: 75B26E36515FC88ED7B68F29AC813DA73A8F75978CF105229EB8C5AB1CEB7483549340

Function 00007FF763356123 Relevance: .7, Instructions: 696COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d0e83b2c12586f32b34f0b2b20e852511e092ff61738f276ade5db4b6a1ceeeb
Instruction ID: 010f825ce2f2d4154f9d0ea9d7b8ecd5669049ca8bebb353d30cacd3bbb5b284
Opcode Fuzzy Hash: d0e83b2c12586f32b34f0b2b20e852511e092ff61738f276ade5db4b6a1ceeeb
Instruction Fuzzy Hash: B9727332A08BC5C9EB719F25D8403EDB7A4F749798F50522AEA9C17B99DF38D284C710

Function 00007FF763356133 Relevance: .7, Instructions: 696COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a0f25b8a4d92c5fa5d2cac86c3aff33542094981f9b9ad47e7ea64c26f801b3b
Instruction ID: 1aef90d87031a603213e339acb7cc9f4bbae110f2619804bbb418fe7ea2638b1
Opcode Fuzzy Hash: a0f25b8a4d92c5fa5d2cac86c3aff33542094981f9b9ad47e7ea64c26f801b3b
Instruction Fuzzy Hash: 6D727332A08BC5C9EB719F25D8403EDB7A4F749798F50522AEA9C17B99DF38D284C710

Function 00007FF76338E980 Relevance: .6, Instructions: 634COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: c4ab6b828ca45922997960b2700f7132280dcbffacc02f99c9a46b6be60a2307
Instruction ID: 7fba045635e90cc10bc38fbd756d61dc13d542dacb09d357fdcf0a695a8ee5d2
Opcode Fuzzy Hash: c4ab6b828ca45922997960b2700f7132280dcbffacc02f99c9a46b6be60a2307
Instruction Fuzzy Hash: 0E624921A29E56C9E6D3AF36B811575B364BF623C4F81933BE80F76750DF2CA452C224

Function 00007FF76334F370 Relevance: .4, Instructions: 428COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 63c9611f5ec2cf19800016a450332124f1d1da1461b84474040347cf4381edbc
Instruction ID: 5338e0cecaebde9468c7118101b8290b95062f5d56fbe4e14ed6f0fdd73c98f1
Opcode Fuzzy Hash: 63c9611f5ec2cf19800016a450332124f1d1da1461b84474040347cf4381edbc
Instruction Fuzzy Hash: DC02B212E08A81C2FB50AF269A002B9A391FB55B84F489238DE5D67787DF3CF5D9C350

Function 00007FF7632D6900 Relevance: .3, Instructions: 346COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8eda6f4ab24618311ef03193c99234cfc266977fc96978999a787211a08f7182
Instruction ID: 97d70635ff6131454263fae7cc02e340545a87aab5a4182326c2e237de6fe8c4
Opcode Fuzzy Hash: 8eda6f4ab24618311ef03193c99234cfc266977fc96978999a787211a08f7182
Instruction Fuzzy Hash: 9712DA32919FC889D7618F29E84129AB3B4F79D788F505325EACC67B19EF78C254CB04

Function 00007FF76336E354 Relevance: .3, Instructions: 317COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 6afb11fbea0f3916862026fdb511c2e9d803eb103ce8752adc1e091b9953803e
Instruction ID: b28af956e36cc234f2faa5606247c442907d138c2d5d61e9bbad2ab364af57b0
Opcode Fuzzy Hash: 6afb11fbea0f3916862026fdb511c2e9d803eb103ce8752adc1e091b9953803e
Instruction Fuzzy Hash: E5D10C32908746CEEBA59B278A0427DA761EB06B48F92213DDE4D373D5DF39D44AC360

Function 00007FF7633714C4 Relevance: .3, Instructions: 309COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: ErrorLastNameTranslate$CodePageValidValue_invalid_parameter_noinfo
String ID:
API String ID: 4023145424-0
Opcode ID: 2744c6d5af2e148c940694a86325be99c976764b5396e4f305d568d4486a8bfd
Instruction ID: 7b22d473a4470f6adc1a14d44084abaee64c9889622e4e7a7a11e6809b4b1238
Opcode Fuzzy Hash: 2744c6d5af2e148c940694a86325be99c976764b5396e4f305d568d4486a8bfd
Instruction Fuzzy Hash: 9DC1B576E08682C5EBA0AB6394207FAA6B0FB86789F804039DE8D67785DF3CD545C714

Function 00007FF7632F77B0 Relevance: .3, Instructions: 309COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d384bc7a73bb8619b0f00c52a6659bd27eca7cc72f7d44130b50e2775f9d9d63
Instruction ID: 8753454ec8875a6ea0328e7122a9c988455626457c57bd2bc24f6f37a7b2fa5a
Opcode Fuzzy Hash: d384bc7a73bb8619b0f00c52a6659bd27eca7cc72f7d44130b50e2775f9d9d63
Instruction Fuzzy Hash: DD02E532915FC48DE7628F79EC512E9B7B4F75D788F105229EB9C2AB19EB349250C340

Function 00007FF76338E500 Relevance: .2, Instructions: 207COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID:
API String ID: 3215553584-0
Opcode ID: 07cc6fefc29fc39819f6dfbc5ef23e0de4d22eab3ae9e4ba09169b375475775c
Instruction ID: 83f1fc22f38adf840d1140a4396a6e973cdfaadb1c44ba8ca95390336d48484a
Opcode Fuzzy Hash: 07cc6fefc29fc39819f6dfbc5ef23e0de4d22eab3ae9e4ba09169b375475775c
Instruction Fuzzy Hash: 3E81D472A04B51C6EBA0EF26C4813BDA360FB44B98F94463AEE5EA7794DF38D541C350

Function 00007FF76337765C Relevance: .2, Instructions: 198COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 832f80e29b9e7b1fab9976971e49bf3aecb105820688ae36005b75dbd0afb97c
Instruction ID: 344aca032847c7f7cf1f22eff1391710fcf6f61a694e2b74318aaa4d280174f7
Opcode Fuzzy Hash: 832f80e29b9e7b1fab9976971e49bf3aecb105820688ae36005b75dbd0afb97c
Instruction Fuzzy Hash: 3681F472A08781C5E7B4DB1A94803BABAA1FB47795F90423DEA8D57B99CF3CD400CB14

Function 00007FF76331CB90 Relevance: .2, Instructions: 190COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ec938e2278b14a04dbb626e947d484f460c30e86730ef98d8f8e7ce8a528cec
Instruction ID: 0e50ba1961e1fa6df25ca0d40d17a477582979c7da8455e0a3e676a4809fd4bf
Opcode Fuzzy Hash: 5ec938e2278b14a04dbb626e947d484f460c30e86730ef98d8f8e7ce8a528cec
Instruction Fuzzy Hash: 1E61F462F18A89C2EE629F5ED0455B8B321FB54BD4F858235DB5E27784EE3CE581C310

Function 00007FF763340180 Relevance: .2, Instructions: 174COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 8597c923cbaa6151206fd998e97a6f96e981866a793e387065817f7198bd7c65
Instruction ID: 1c16c2f6cd241b7395b2432300d2261b0ab31cd61fbc807adc4d7fd47387d3bb
Opcode Fuzzy Hash: 8597c923cbaa6151206fd998e97a6f96e981866a793e387065817f7198bd7c65
Instruction Fuzzy Hash: 3061B02321E2C48BD30EDF7C589106D7F61D6A7908388469DEAC5EBB4BC518C51ACBA6

Function 00007FF763350CA0 Relevance: .2, Instructions: 156COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bef6abadc817b508d6bbbbf98975d24f3a94a3958f4abd85a63e9a006dc83d4b
Instruction ID: 9cb0a75769d14c1ba817103d0c8a9f25d39d684bd084df68345cb0b03e493b28
Opcode Fuzzy Hash: bef6abadc817b508d6bbbbf98975d24f3a94a3958f4abd85a63e9a006dc83d4b
Instruction Fuzzy Hash: AF51E4A3B0568443DB248B49FC42796F7A5FB987C5F00A12AEE8D57B68EB3CD581C700

Function 00007FF76336D474 Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 65988544bd8c51d46c1f2ecd44d2c2020be5c6c9d2ff497e3ff94f9df2993759
Instruction ID: 108502fe400681e2729227d391dd38db8a59f1e1e4692a161e252c314e24764a
Opcode Fuzzy Hash: 65988544bd8c51d46c1f2ecd44d2c2020be5c6c9d2ff497e3ff94f9df2993759
Instruction Fuzzy Hash: 1B51A672A08551CAE7A96F2A815433CA760EF56B58FA60138CB4D37799CF29FC81C760

Function 00007FF76336D28C Relevance: .1, Instructions: 137COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 09a4a0272fcb28be4f4c2347f47eb615663c13edcd1074745415d1c72bb9a049
Instruction ID: 32ea0ec8a7e2f15dea4915700a3814a64920cb1fa73fa88ac4bb2b9952b6617d
Opcode Fuzzy Hash: 09a4a0272fcb28be4f4c2347f47eb615663c13edcd1074745415d1c72bb9a049
Instruction Fuzzy Hash: 0F519672A08551CAE7A95E2AC05423CA760EF56B58FB64139CE4D37799CF28EC41C750

Function 00007FF76331FD10 Relevance: 35.3, APIs: 11, Strings: 9, Instructions: 341COMMON

Download Yara Rule

Strings

unexpected key without object, xrefs: 00007FF7633213BE
key declared, but no value, xrefs: 00007FF763321337, 00007FF76332135A, 00007FF76332145C
unexpected '}', xrefs: 00007FF7633214CB
No closed word, xrefs: 00007FF7633213E7, 00007FF76332140A
word wasnt properly ended, xrefs: 00007FF76332142D, 00007FF7633214A8
object is not closed with '}', xrefs: 00007FF7633212F1
Unexpected eof, xrefs: 00007FF7633212CA
key opened, but never closed, xrefs: 00007FF76332147F
quote was opened but not closed., xrefs: 00007FF763321314, 00007FF76332137D

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID: No closed word$Unexpected eof$key declared, but no value$key opened, but never closed$object is not closed with '}'$quote was opened but not closed.$unexpected '}'$unexpected key without object$word wasnt properly ended
API String ID: 0-2490624340
Opcode ID: 6e442b9db12aa2e477e113b4631858d19b1954e2c4f6a276777f69f5c4e9f2e3
Instruction ID: f41fd830e40b70c4c15b31ff27155e2c7b85ca2cfa1fb09a822dd5d8cc596267
Opcode Fuzzy Hash: 6e442b9db12aa2e477e113b4631858d19b1954e2c4f6a276777f69f5c4e9f2e3
Instruction Fuzzy Hash: 3AF15431A086C6D5EBA0EF25E8943F9A364FF54348FC05539E64D2A7AADF78D285C310

Function 00007FF763342540 Relevance: 21.1, APIs: 2, Strings: 10, Instructions: 137COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763342706
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76334270C

Strings

runas, xrefs: 00007FF76334223B
176.124.204.206, xrefs: 00007FF76334246C
ios_base::failbit set, xrefs: 00007FF7633424EF
ios_base::eofbit set, xrefs: 00007FF7633424F6
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;', xrefs: 00007FF763341E3B
.exe, xrefs: 00007FF763341DF4
open, xrefs: 00007FF763342232
.exe, xrefs: 00007FF763341DCB
temp_directory_path, xrefs: 00007FF7633424BB
ios_base::badbit set, xrefs: 00007FF7633424E4

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: .exe$.exe$176.124.204.206$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789+=-&^%$#@!(){}[},.;'$ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set$open$runas$temp_directory_path
API String ID: 3668304517-2844431255
Opcode ID: 91b5ab2732b57d1d8dc5f3f95d571925291a1f8e7ab52d9d206aea0a8b1b84f0
Instruction ID: 0a43db1fb8e0e713e1c01b7ff596d34ece940e40babfd812d881d3958fea2365
Opcode Fuzzy Hash: 91b5ab2732b57d1d8dc5f3f95d571925291a1f8e7ab52d9d206aea0a8b1b84f0
Instruction Fuzzy Hash: E551B122F14A41C4FB40EB66D9402BCA770AF48794FA45639DA5CB3B9ADE78E081C320

Function 00007FF763370A8C Relevance: 18.1, APIs: 12, Instructions: 112COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32 ref: 00007FF763370A9B
FlsGetValue.KERNEL32 ref: 00007FF763370AB0
FlsSetValue.KERNEL32 ref: 00007FF763370AD1
FlsSetValue.KERNEL32 ref: 00007FF763370AFE
FlsSetValue.KERNEL32 ref: 00007FF763370B0F
FlsSetValue.KERNEL32 ref: 00007FF763370B20
SetLastError.KERNEL32 ref: 00007FF763370B3B
FlsGetValue.KERNEL32 ref: 00007FF763370B71
FlsSetValue.KERNEL32 ref: 00007FF763370B90

Part of subcall function 00007FF76337446C: HeapAlloc.KERNEL32(?,?,00000000,00007FF763370C66,?,?,8000000000000000,00007FF76336CB85,?,?,?,?,00007FF7633767F4,?,?,?), ref: 00007FF7633744C1

FlsSetValue.KERNEL32 ref: 00007FF763370BB8

Part of subcall function 00007FF763373E04: RtlFreeHeap.NTDLL(?,?,?,00007FF76337DF72,?,?,?,00007FF76337E2EF,?,?,00000000,00007FF76337C02C,?,?,?,00007FF76337BF5F), ref: 00007FF763373E1A
Part of subcall function 00007FF763373E04: GetLastError.KERNEL32(?,?,?,00007FF76337DF72,?,?,?,00007FF76337E2EF,?,?,00000000,00007FF76337C02C,?,?,?,00007FF76337BF5F), ref: 00007FF763373E24

FlsSetValue.KERNEL32 ref: 00007FF763370BC9
FlsSetValue.KERNEL32 ref: 00007FF763370BDA

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Value$ErrorLast$Heap$AllocFree
String ID:
API String ID: 570795689-0
Opcode ID: b170fd9b733dbfbd61b4f36eded9b017c2a9bba8f47560a3642fe2208258a6e2
Instruction ID: f46c7f3d795774b4849d4873816f631dba7d887d0638df0a7a486f55fb135dd1
Opcode Fuzzy Hash: b170fd9b733dbfbd61b4f36eded9b017c2a9bba8f47560a3642fe2208258a6e2
Instruction Fuzzy Hash: 70415E10A0C202C1F9E8B7735955179E2614F8677AF94473CE83D367D2DE2EF841C628

Function 00007FF7632FF690 Relevance: 14.3, APIs: 6, Strings: 2, Instructions: 278COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF76338B798: AreFileApisANSI.KERNEL32(?,?,?,?,00007FF76331DE88,?,?,?,?,?,00000000,FFFFFFFF,?,?,00007FF763301F0A), ref: 00007FF76338B7AA

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7632FF8F0
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7632FF8F6
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF7632FF987

Strings

", ", xrefs: 00007FF7632FF7CB
: ", xrefs: 00007FF7632FF798

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$ApisFile__std_exception_destroy
String ID: ", "$: "
API String ID: 397665139-747220369
Opcode ID: 73161b4caaefcfca97d3b04a702d7d6b1a43d9a3d8ca13878a9d8e66b467e628
Instruction ID: c2ec1200a01fd5dea37c27b047748b9cfa7a47ba1166272b49c03f3ef616b5bf
Opcode Fuzzy Hash: 73161b4caaefcfca97d3b04a702d7d6b1a43d9a3d8ca13878a9d8e66b467e628
Instruction Fuzzy Hash: FEA1E272B08B41D9EB40EF6AE0543ADB3A1EB44B88F944539DE4C27B9ADF38D491C350

Function 00007FF76334C530 Relevance: 14.2, APIs: 5, Strings: 3, Instructions: 173COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF76334C5AE
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF76334C5F7
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF76334C773
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF76334C786
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF76334C78C

Strings

bad locale name, xrefs: 00007FF76334C779
false, xrefs: 00007FF76334C67E
true, xrefs: 00007FF76334C6AB

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task$std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name$false$true
API String ID: 164343898-1062449267
Opcode ID: b682e21b76faa0e9b2ceb8f90ded097b089d78ac5436e76cdf2da4560fe96314
Instruction ID: 0110ff9a9f4d6ff3822a69af4075b6e00ae87b44530f9cfca356ccf9e6ae352a
Opcode Fuzzy Hash: b682e21b76faa0e9b2ceb8f90ded097b089d78ac5436e76cdf2da4560fe96314
Instruction Fuzzy Hash: 31717C22A09B41DAF751EF62E8402ACB7B5EF85744F840139EA4D33B66DF38E419C364

Function 00007FF763345200 Relevance: 12.7, APIs: 6, Strings: 1, Instructions: 475COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7633458BC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763345918
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76334591E
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF76334592A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763345930
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763345936

Strings

No such argument: , xrefs: 00007FF7633458EA

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
String ID: No such argument:
API String ID: 3936042273-4085609673
Opcode ID: 81ada8103e0608db26079092ba504511297ded9be713ae7fafad3c01f6729b77
Instruction ID: ba1b2b5ac1d8280da3561a88c69a27478263cef04d1ffb96ecdfd7998f65fcda
Opcode Fuzzy Hash: 81ada8103e0608db26079092ba504511297ded9be713ae7fafad3c01f6729b77
Instruction Fuzzy Hash: 6C12D622F18785C5FB50AB66D4043BDA762EB087E8F844639DE6C27BDADE38D185C350

Function 00007FF7633431F0 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 288COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763343657
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76334365D
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763343663
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763343669

Strings

..., xrefs: 00007FF7633434C2
VAR, xrefs: 00007FF7633433A0
, xrefs: 00007FF76334328B

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: $...$VAR
API String ID: 3668304517-4000803252
Opcode ID: 22e919e0398963de0248bc354a9110d66931714f6c9a72f807b2d81d13a41b15
Instruction ID: 1e4f5b5b48d87483370b6d83d14c0e96c81c3554c2be9012763e2f099a6af6a4
Opcode Fuzzy Hash: 22e919e0398963de0248bc354a9110d66931714f6c9a72f807b2d81d13a41b15
Instruction Fuzzy Hash: 5DD1A462A18B81C5FB50DB6AD8803EDB761FB447A8F904239DA5D27B9ADF3CD184C310

Function 00007FF7633611A0 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 174COMMON

Download Yara Rule

APIs

__std_exception_copy.LIBVCRUNTIME ref: 00007FF763361381
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76336140B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763361411
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763361417
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76336141D

Strings

os_crypt, xrefs: 00007FF7633611A6
out_of_range, xrefs: 00007FF763361210

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
String ID: os_crypt$out_of_range
API String ID: 1944019136-3828104817
Opcode ID: dfcd86d5255ace1054003753d28c1c71d1ad339682b270d75bcae9ef11badd04
Instruction ID: b1556db5170c2606112a98ade14b166a77f346757aa70e62e440f0e0d900fcee
Opcode Fuzzy Hash: dfcd86d5255ace1054003753d28c1c71d1ad339682b270d75bcae9ef11badd04
Instruction Fuzzy Hash: DF71C272F19B85C9FB40DF7AD4403ACA361EB55398F809235EA6D36BD9EE389184C310

Function 00007FF763374594 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117libraryloaderCOMMONLIBRARYCODE

Download Yara Rule

APIs

FreeLibrary.KERNEL32(?,00000000,00007FF763374C42,?,?,00000030,00007FF76337B900,?,?,?,?,?,?,?), ref: 00007FF763374713
GetProcAddress.KERNEL32(?,00000000,00007FF763374C42,?,?,00000030,00007FF76337B900,?,?,?,?,?,?,?), ref: 00007FF76337471F

Strings

ext-ms-, xrefs: 00007FF763374670
api-ms-, xrefs: 00007FF76337465D

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: AddressFreeLibraryProc
String ID: api-ms-$ext-ms-
API String ID: 3013587201-537541572
Opcode ID: fe487ba48e8b98e8da8f078ca9b00621851933d19320e8d2a4f77f7db0a80c87
Instruction ID: a191d956a7f2128842efd7e19cdea8d9e695c34b04bbfe4c5fe33821af734065
Opcode Fuzzy Hash: fe487ba48e8b98e8da8f078ca9b00621851933d19320e8d2a4f77f7db0a80c87
Instruction Fuzzy Hash: 9D412662B19B42C1FAA1EB07A8001B5A3A5BF46BD1F88413DDD1D6B794EE3CF045C364

Function 00007FF763341BD0 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 81networkfileCOMMON

Download Yara Rule

APIs

InternetOpenW.WININET ref: 00007FF763341C39
InternetOpenUrlA.WININET ref: 00007FF763341C6E
InternetReadFile.WININET ref: 00007FF763341C8F
InternetReadFile.WININET ref: 00007FF763341CCF
InternetCloseHandle.WININET ref: 00007FF763341CDC
InternetCloseHandle.WININET ref: 00007FF763341CE5

Strings

File Downloader, xrefs: 00007FF763341C32

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Internet$CloseFileHandleOpenRead
String ID: File Downloader
API String ID: 4038090926-3631955488
Opcode ID: 5f5cd5d1c3033a71f9d02e819e7c0d70b6054f3e9fde37668af81b5883abe968
Instruction ID: 93f843ce24e1575c5358e6b3f4747e25efeae3b0f298f2fa6161dd193ae16531
Opcode Fuzzy Hash: 5f5cd5d1c3033a71f9d02e819e7c0d70b6054f3e9fde37668af81b5883abe968
Instruction Fuzzy Hash: 78319032A18B81C2E7609F16E8507AAB760FB88BC4F844039EE8D53B49DF7CE554CB10

Function 00007FF76333E200 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 186COMMON

Download Yara Rule

APIs

__std_exception_copy.LIBVCRUNTIME ref: 00007FF76333E3DD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76333E462
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76333E468
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76333E46E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76333E474

Strings

invalid_iterator, xrefs: 00007FF76333E272

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
String ID: invalid_iterator
API String ID: 1944019136-2508626007
Opcode ID: fcd8f1feac9935c04b98c58f3e9524c4f9a3caa8148790d92cbd3a21410ff3b8
Instruction ID: 684c6c75ae15dc3bf8690186e6df482946a57dec91ea979decc21d1b2766ba0c
Opcode Fuzzy Hash: fcd8f1feac9935c04b98c58f3e9524c4f9a3caa8148790d92cbd3a21410ff3b8
Instruction Fuzzy Hash: 9B71B463F19B85C9FB00AB7AD4503ACA361EB59798F809235DA5C36BD5EE3CA185C310

Function 00007FF76333B9F0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 174COMMON

Download Yara Rule

APIs

__std_exception_copy.LIBVCRUNTIME ref: 00007FF76333BBD1
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76333BC5B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76333BC61
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76333BC67
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76333BC6D

Strings

out_of_range, xrefs: 00007FF76333BA60

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
String ID: out_of_range
API String ID: 1944019136-3053435996
Opcode ID: 6bec659f902b6012995f022ffc9c67b9058c71b4fbab2b8ec1208bb593e3d8bf
Instruction ID: 54663700832ec81b58d475740877750d6e8cb7ec8983510479c19d1dcdb0a265
Opcode Fuzzy Hash: 6bec659f902b6012995f022ffc9c67b9058c71b4fbab2b8ec1208bb593e3d8bf
Instruction Fuzzy Hash: 9C71B362F19B85C9FB00DF7AD4503ADA361EB55398F809335EA9C26BD9EE3C9185C310

Function 00007FF7633163E0 Relevance: 10.7, APIs: 5, Strings: 1, Instructions: 170COMMON

Download Yara Rule

APIs

__std_exception_copy.LIBVCRUNTIME ref: 00007FF7633165BD
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763316642
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763316648
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76331664E
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763316654

Strings

type_error, xrefs: 00007FF763316452

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_exception_copy
String ID: type_error
API String ID: 1944019136-1406221190
Opcode ID: ace33a89193a6d81226a23815234692fbdf049d2eceae4adab298d777822cdcb
Instruction ID: 972935822f767b25ef0eee01245e11ea05858af8bc9674109dc14525806037cd
Opcode Fuzzy Hash: ace33a89193a6d81226a23815234692fbdf049d2eceae4adab298d777822cdcb
Instruction Fuzzy Hash: E071C472F19B85C9FB019BBAD4543AC7321AB55398F809335DE5C36BD9EE38A185C310

Function 00007FF76332B300 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 140COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76332B4A2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76332B4A8
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF76332B4E0
__std_exception_destroy.LIBVCRUNTIME ref: 00007FF76332B4ED

Strings

at line , xrefs: 00007FF76332B38A
, column , xrefs: 00007FF76332B3B8

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: __std_exception_destroy_invalid_parameter_noinfo_noreturn
String ID: at line $, column
API String ID: 729085983-191570568
Opcode ID: a088cdb21d385d6c215dffb2299ae5a961850f82b6d2bd90c36d50670c4f4dad
Instruction ID: 4aca04bc094bf92ecfde8beb19666a1d4e8a71420c548f317b7b428fca0ff12b
Opcode Fuzzy Hash: a088cdb21d385d6c215dffb2299ae5a961850f82b6d2bd90c36d50670c4f4dad
Instruction Fuzzy Hash: 1E51B372A08781C2EA54AB1AE58436EB721FB85BD0F904639EB9D17BD6DF3CD081C750

Function 00007FF763382814 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 48fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteConsoleW.KERNEL32 ref: 00007FF763382845
GetLastError.KERNEL32 ref: 00007FF763382851
CloseHandle.KERNEL32 ref: 00007FF763382869
CreateFileW.KERNEL32 ref: 00007FF763382894
WriteConsoleW.KERNEL32 ref: 00007FF7633828B3

Strings

CONOUT$, xrefs: 00007FF763382875

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: ConsoleWrite$CloseCreateErrorFileHandleLast
String ID: CONOUT$
API String ID: 3230265001-3130406586
Opcode ID: 48b56def838186f0977933ffc9ee02d4886a42ddb0d3b73b1937c479b359ff6f
Instruction ID: c4581de836af36cb75a273a51c6aab0d768e939e2092b6588e70240fe513c1be
Opcode Fuzzy Hash: 48b56def838186f0977933ffc9ee02d4886a42ddb0d3b73b1937c479b359ff6f
Instruction Fuzzy Hash: 69118421A18A41C6E7909B57E854325A6A0FB58FE4F404238E96D97B94CF7CD814C754

Function 00007FF7633064A0 Relevance: 9.3, APIs: 6, Instructions: 322COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF763384D80: EnterCriticalSection.KERNEL32(?,?,0000000100000000,00007FF763301944), ref: 00007FF763384D90

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330696A
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763306970
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763306976
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76330697C
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763306982
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763306988

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$CriticalEnterSection
String ID:
API String ID: 555700303-0
Opcode ID: 8e4279a93eda603b7049288216fcf0f6ac8e472970434ea1cd186c916dc80b8e
Instruction ID: 6300ee05c7d3fa527897de2da8254457f755fe58bdd62b88249e0cc2243872cc
Opcode Fuzzy Hash: 8e4279a93eda603b7049288216fcf0f6ac8e472970434ea1cd186c916dc80b8e
Instruction Fuzzy Hash: 1ED1F562F18682C5FB50AB66D4503BDA361EB45798F805639EE5D2BBD9DF3CE081C320

Function 00007FF76338D894 Relevance: 9.2, APIs: 6, Instructions: 240COMMONLIBRARYCODE

Download Yara Rule

APIs

GetCPInfo.KERNEL32 ref: 00007FF76338D93D
MultiByteToWideChar.KERNEL32 ref: 00007FF76338D9E0
MultiByteToWideChar.KERNEL32 ref: 00007FF76338DA81
MultiByteToWideChar.KERNEL32 ref: 00007FF76338DACB
MultiByteToWideChar.KERNEL32 ref: 00007FF76338DB62
CompareStringEx.KERNEL32 ref: 00007FF76338DB95

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: ByteCharMultiWide$CompareInfoString
String ID:
API String ID: 2984826149-0
Opcode ID: f347c8f43b91741fdc9810cacbf809b241c8952251077899aabcdba9b25bb8ea
Instruction ID: 9f36744f53759c9efd8a84e350ee686357333f323c95fc3f68ea3b9df06650d8
Opcode Fuzzy Hash: f347c8f43b91741fdc9810cacbf809b241c8952251077899aabcdba9b25bb8ea
Instruction Fuzzy Hash: 80A1D622A0C682C6FBB1AF2A94503B9A691EF457E4FD4063AD96D277C5DF7CE405C320

Function 00007FF76338D538 Relevance: 9.2, APIs: 6, Instructions: 200COMMONLIBRARYCODE

Download Yara Rule

APIs

MultiByteToWideChar.KERNEL32 ref: 00007FF76338D5AA
MultiByteToWideChar.KERNEL32 ref: 00007FF76338D652
LCMapStringEx.KERNEL32 ref: 00007FF76338D689
LCMapStringEx.KERNEL32 ref: 00007FF76338D6E2
LCMapStringEx.KERNEL32 ref: 00007FF76338D78F
WideCharToMultiByte.KERNEL32 ref: 00007FF76338D7D1

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: ByteCharMultiStringWide
String ID:
API String ID: 2829165498-0
Opcode ID: e4fa22a710c47188b55bda09a09fdc9265209128699d57c18ff63feec2b297ff
Instruction ID: ce07933ee48f69651476d04ceae38efaa8de861a43c9aee87565fb6d2f271e1b
Opcode Fuzzy Hash: e4fa22a710c47188b55bda09a09fdc9265209128699d57c18ff63feec2b297ff
Instruction Fuzzy Hash: 60818432A08781C6EBA09F16D440779A6A1FF447A8F94063AFA5D6BBD8DF3CD445C710

Function 00007FF763370C04 Relevance: 9.1, APIs: 6, Instructions: 57COMMONLIBRARYCODE

Download Yara Rule

APIs

GetLastError.KERNEL32(?,?,8000000000000000,00007FF76336CB85,?,?,?,?,00007FF7633767F4,?,?,?,00007FF763386B53), ref: 00007FF763370C13
FlsSetValue.KERNEL32(?,?,8000000000000000,00007FF76336CB85,?,?,?,?,00007FF7633767F4,?,?,?,00007FF763386B53), ref: 00007FF763370C49
FlsSetValue.KERNEL32(?,?,8000000000000000,00007FF76336CB85,?,?,?,?,00007FF7633767F4,?,?,?,00007FF763386B53), ref: 00007FF763370C76
FlsSetValue.KERNEL32(?,?,8000000000000000,00007FF76336CB85,?,?,?,?,00007FF7633767F4,?,?,?,00007FF763386B53), ref: 00007FF763370C87
FlsSetValue.KERNEL32(?,?,8000000000000000,00007FF76336CB85,?,?,?,?,00007FF7633767F4,?,?,?,00007FF763386B53), ref: 00007FF763370C98
SetLastError.KERNEL32(?,?,8000000000000000,00007FF76336CB85,?,?,?,?,00007FF7633767F4,?,?,?,00007FF763386B53), ref: 00007FF763370CB3

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Value$ErrorLast
String ID:
API String ID: 2506987500-0
Opcode ID: 9b02ecda8c9321b70e6f8dbaea4320c136822b080a8063a1e62e2224ce17cf87
Instruction ID: 1426216392efcea15171208e5ea9eed795687bda1fdd2278c64c7457bccec0b8
Opcode Fuzzy Hash: 9b02ecda8c9321b70e6f8dbaea4320c136822b080a8063a1e62e2224ce17cf87
Instruction Fuzzy Hash: 5C114F20A0C653C1F9D4B7339A51179E2625F867B1F94473CE83E2A7D6DE2DF441C628

Function 00007FF763351400 Relevance: 9.0, APIs: 6, Instructions: 41COMMON

Download Yara Rule

APIs

DeleteObject.GDI32 ref: 00007FF763351443
EnterCriticalSection.KERNEL32(?,?,?,00007FF7633513D4), ref: 00007FF763351455
EnterCriticalSection.KERNEL32 ref: 00007FF763351465
GdiplusShutdown.GDIPLUS ref: 00007FF763351473
LeaveCriticalSection.KERNEL32 ref: 00007FF763351480
LeaveCriticalSection.KERNEL32 ref: 00007FF76335148A

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$DeleteGdiplusObjectShutdown
String ID:
API String ID: 4268643673-0
Opcode ID: 0a87981d0a80b61d410f48e8fae8d3740545c0e7c6c855c0ede7b6a07225b7b0
Instruction ID: 75b987030d1caf33591bf0aa4191c701c8cc5a83777d51d0d31077d270d510f3
Opcode Fuzzy Hash: 0a87981d0a80b61d410f48e8fae8d3740545c0e7c6c855c0ede7b6a07225b7b0
Instruction Fuzzy Hash: D7113D32915B81C5EB90AF26E844068B774FB44FA4794423AD66D16BA4CF3CD897C350

Function 00007FF7633180E0 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 171COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF76331814F
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF763318197
_Getcoll.LIBCPMT ref: 00007FF7633181CB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7633182CA

Strings

bad locale name, xrefs: 00007FF7633182D0

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: std::_$GetcollLocinfo::_Locinfo_ctorLockitLockit::__invalid_parameter_noinfo_noreturn
String ID: bad locale name
API String ID: 818938248-1405518554
Opcode ID: 5b0cc82087ff888185ed91558a79811088a631f56eb9a38591b3ac36c5d332c3
Instruction ID: 202c2619e22919591abf635f619cbe6aa770214aa0f633f11dd890587d71a699
Opcode Fuzzy Hash: 5b0cc82087ff888185ed91558a79811088a631f56eb9a38591b3ac36c5d332c3
Instruction Fuzzy Hash: C771AB22B05B41CAFB41EFB6D8503ACB362AF45748F844139DE4D3BB99DE389051C398

Function 00007FF76332B8E0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 125COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7632FEEB0: __std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF7632FEF2E
Part of subcall function 00007FF7632FEEB0: __std_fs_convert_wide_to_narrow.LIBCPMT ref: 00007FF7632FEF6A

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76332BAD5
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76332BADB
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76332BAE1

Strings

Profile, xrefs: 00007FF76332BA19
Default, xrefs: 00007FF76332B9D4

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$__std_fs_convert_wide_to_narrow
String ID: Default$Profile
API String ID: 1223724100-3314577806
Opcode ID: 18dcfc186105d23553a757cefb7f49d57c4382a713a082528fb4d2c9da5b29fd
Instruction ID: cd860e185ebc1d913fb874de29c22b36f10d6230b836b023c6cbefd16799a4b7
Opcode Fuzzy Hash: 18dcfc186105d23553a757cefb7f49d57c4382a713a082528fb4d2c9da5b29fd
Instruction Fuzzy Hash: A451D972E58782C0EE90AB5AE05437AA761EF853D0FD05239D69D667E6DF7CE080C720

Function 00007FF7633261F0 Relevance: 7.7, APIs: 5, Instructions: 234COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF7633262E6
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7633262F2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763326385
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7633263FE
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF763326446

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturnstd::_$Concurrency::cancel_current_taskLocinfo::_Locinfo_ctorLockitLockit::_
String ID:
API String ID: 2759874623-0
Opcode ID: 37b89fb55ac7f4aff6fb1a2045dc17a5810c7324f954e6e6aba4783d232a85c5
Instruction ID: 66bd77396eef36b39c7573e71420367bcc268011927adee1f75d0d6855779e98
Opcode Fuzzy Hash: 37b89fb55ac7f4aff6fb1a2045dc17a5810c7324f954e6e6aba4783d232a85c5
Instruction Fuzzy Hash: 00919F32A05B41C9EB90EF62E4507BDB3A4EF44B98F884538EA9D23B95DE38D451C364

Function 00007FF7633782BC Relevance: 7.7, APIs: 5, Instructions: 196COMMON

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF7633782FF
_set_statfp.LIBCMT ref: 00007FF76337831D
_set_statfp.LIBCMT ref: 00007FF763378346
_set_statfp.LIBCMT ref: 00007FF76337857F

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: 2dc6c4848308a8d27669eaf884ecdce81165a9b514e10212270fde563d0270b3
Instruction ID: bacb33f09a9e47cc50afa8ade45c74c45520f6f088b30bea16b6ed9b0d12c695
Opcode Fuzzy Hash: 2dc6c4848308a8d27669eaf884ecdce81165a9b514e10212270fde563d0270b3
Instruction Fuzzy Hash: E981EA12908A46C5F7B1AE3AA44137AE6B0FF46795F844239E95D3E790DF3CE481C624

Function 00007FF76335D530 Relevance: 7.6, APIs: 5, Instructions: 123COMMON

Download Yara Rule

APIs

GetEnvironmentStringsW.KERNEL32 ref: 00007FF76335D550
FreeEnvironmentStringsW.KERNEL32 ref: 00007FF76335D64B
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335D675
RtlInitUnicodeString.NTDLL ref: 00007FF76335D6BE
RtlInitUnicodeString.NTDLL ref: 00007FF76335D6CB

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: EnvironmentInitStringStringsUnicode$Free_invalid_parameter_noinfo_noreturn
String ID:
API String ID: 1868271193-0
Opcode ID: 89e40d07247d39b222b600047b7a03d7dfbce0c35fc4c74367115637af50fa2a
Instruction ID: 98f888f2e847e7e0f74401d46304663aaf7c6ea7ff50dca7602dc08416c52c7c
Opcode Fuzzy Hash: 89e40d07247d39b222b600047b7a03d7dfbce0c35fc4c74367115637af50fa2a
Instruction Fuzzy Hash: 8F51C432A08B85C2EB50AF16E44036DB760FB95B94F94922ADB9C17B95DF7CE1E1C310

Function 00007FF763358AF0 Relevance: 7.6, APIs: 5, Instructions: 106COMMON

Download Yara Rule

APIs

GetDesktopWindow.USER32 ref: 00007FF763358B22
GetWindowRect.USER32 ref: 00007FF763358B33
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763358CAC
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763358CB2
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763358CB8

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Window$DesktopRect
String ID:
API String ID: 1991322523-0
Opcode ID: abca54bb5888cfaf8a049de51b5164587558f78cf8c2c4ee4b12a9726f285fb6
Instruction ID: e0c2cda22f67ef8e69fc161419bb847950808c32fde3e4b1c4d281d3abb653a3
Opcode Fuzzy Hash: abca54bb5888cfaf8a049de51b5164587558f78cf8c2c4ee4b12a9726f285fb6
Instruction Fuzzy Hash: E4410A62B197C5C1EA50AB1AE44436EF750EB857E4F904339EAEC66BE9DE3CD080C710

Function 00007FF763383B64 Relevance: 7.6, APIs: 5, Instructions: 56COMMONLIBRARYCODE

Download Yara Rule

APIs

_set_statfp.LIBCMT ref: 00007FF763383B8C
_set_statfp.LIBCMT ref: 00007FF763383BA7
_set_statfp.LIBCMT ref: 00007FF763383BC3
_set_statfp.LIBCMT ref: 00007FF763383BFF

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _set_statfp
String ID:
API String ID: 1156100317-0
Opcode ID: 025d23688907853b564ca8c27b0d165eda471880a57ba5485be5edd5abf68226
Instruction ID: 1a184f77a32f25a92f3afee7d8feae20227b8ee1742fa798137be9422a85a6df
Opcode Fuzzy Hash: 025d23688907853b564ca8c27b0d165eda471880a57ba5485be5edd5abf68226
Instruction Fuzzy Hash: 9A11276AE0DA8381FBE9312ED912379D050AF51370FD40A3CE92E2A3D68EBC6840C130

Function 00007FF763370CCC Relevance: 7.6, APIs: 5, Instructions: 54COMMONLIBRARYCODE

Download Yara Rule

APIs

FlsGetValue.KERNEL32(?,?,?,00007FF763368377,?,?,00000000,00007FF763368612,?,?,?,?,8000000000000000,00007FF76336859E), ref: 00007FF763370CEB
FlsSetValue.KERNEL32(?,?,?,00007FF763368377,?,?,00000000,00007FF763368612,?,?,?,?,8000000000000000,00007FF76336859E), ref: 00007FF763370D0A
FlsSetValue.KERNEL32(?,?,?,00007FF763368377,?,?,00000000,00007FF763368612,?,?,?,?,8000000000000000,00007FF76336859E), ref: 00007FF763370D32
FlsSetValue.KERNEL32(?,?,?,00007FF763368377,?,?,00000000,00007FF763368612,?,?,?,?,8000000000000000,00007FF76336859E), ref: 00007FF763370D43
FlsSetValue.KERNEL32(?,?,?,00007FF763368377,?,?,00000000,00007FF763368612,?,?,?,?,8000000000000000,00007FF76336859E), ref: 00007FF763370D54

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Value
String ID:
API String ID: 3702945584-0
Opcode ID: fd0f37bcc45467137d82f0e0dcc3ee8bbc0f864e39e2bb63432d6b55f891ddc3
Instruction ID: ff01f97461e80b4e21159836b53f03acee3fd6c21fcadac797de70bb61405183
Opcode Fuzzy Hash: fd0f37bcc45467137d82f0e0dcc3ee8bbc0f864e39e2bb63432d6b55f891ddc3
Instruction Fuzzy Hash: D2116A20A0C342C1FAE8B7236A51279E2615F867B1F84573CE83D267D6DE2DF801C728

Function 00007FF76331A600 Relevance: 7.3, APIs: 3, Strings: 1, Instructions: 289COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76331A819
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF76331A825
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76331AA21

Strings

0:, xrefs: 00007FF76331A8FB

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$Concurrency::cancel_current_task
String ID: 0:
API String ID: 3936042273-4252728285
Opcode ID: 9559178d12138e3d5957b55b8f0d68c73b3a9370bd433dfad6ae6941c881546b
Instruction ID: d853627ebb370fecff5459d72fe48f56a26d2a89a057c2dc5b96a68a73ac9fa7
Opcode Fuzzy Hash: 9559178d12138e3d5957b55b8f0d68c73b3a9370bd433dfad6ae6941c881546b
Instruction Fuzzy Hash: 81C19C33A14B858AE751DF65E4402ADB3B4FB49798F445629DF8D23B59EF38E0A4C310

Function 00007FF763327080 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 246COMMON

Download Yara Rule

Strings

ios_base::failbit set, xrefs: 00007FF7633270F2
ios_base::eofbit set, xrefs: 00007FF7633270F9
ios_base::badbit set, xrefs: 00007FF7633270E7

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID: ios_base::badbit set$ios_base::eofbit set$ios_base::failbit set
API String ID: 0-1866435925
Opcode ID: 801592ebc0b75ed27a2787abaf85358e96dd858f17e9b0b99e8ab0efd60c1114
Instruction ID: 645fbea9f08eaa399a8670c4100458a332a2bb088352164afc17ee30f868e1ee
Opcode Fuzzy Hash: 801592ebc0b75ed27a2787abaf85358e96dd858f17e9b0b99e8ab0efd60c1114
Instruction Fuzzy Hash: 6C91CD72608B85C2EB94DB06E444B6DB365FB48BC4FA4803AEA9E53B95DF3CD481C350

Function 00007FF7633922BC Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 219COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF76339259B

Part of subcall function 00007FF7633823F8: _invalid_parameter_noinfo.LIBCMT ref: 00007FF763382415

Strings

ccs, xrefs: 00007FF7633924D6
UTF-16LEUNICODE, xrefs: 00007FF763392539
UTF-8, xrefs: 00007FF76339251A

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo
String ID: UTF-16LEUNICODE$UTF-8$ccs
API String ID: 3215553584-1196891531
Opcode ID: ef430759b7b447c0057831311c08b99cca63ded7db4fb998a2454816ebe11f35
Instruction ID: a7407019676c9a49c223b81533df0f36fca7580eb7859f96a04fd296becc77da
Opcode Fuzzy Hash: ef430759b7b447c0057831311c08b99cca63ded7db4fb998a2454816ebe11f35
Instruction Fuzzy Hash: A181B132D19A0BC5F7E46E2B8350278A6A0AB15748FD59039CA0DF73D5EB2DED81D221

Function 00007FF763345940 Relevance: 7.2, APIs: 1, Strings: 3, Instructions: 216COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763345C88

Strings

Optional arguments:, xrefs: 00007FF763345A9F
Subcommands:, xrefs: 00007FF763345B16
Positional arguments:, xrefs: 00007FF763345A2E

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: Optional arguments:$Positional arguments:$Subcommands:
API String ID: 3668304517-2031040180
Opcode ID: 72086f7e9649a31c5b59655ff8af8d49c12a651bd44c2d07f3ae0c9f5cd50249
Instruction ID: 379d9c3e626d32a0ba18fd01611f4738a23f2902df8f7bfe6da54ecffc3a1fcb
Opcode Fuzzy Hash: 72086f7e9649a31c5b59655ff8af8d49c12a651bd44c2d07f3ae0c9f5cd50249
Instruction Fuzzy Hash: 33A17162A08A41C1FB95AB17D8803ADB7A1EB45FC4FC4843ADA0E27796DF7CD589C350

Function 00007FF7633004B0 Relevance: 7.2, APIs: 3, Strings: 1, Instructions: 207COMMON

Download Yara Rule

Strings

[json.exception., xrefs: 00007FF7633005EB

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID:
String ID: [json.exception.
API String ID: 0-791563284
Opcode ID: a51db3372fd15447ad9884ff31321145c1f95cf3c9ec73f87d3cde700041bf2b
Instruction ID: d14480d0f5d95a143407935d5019d8d0236809e2e4b4b6640071b60b7cc7d69d
Opcode Fuzzy Hash: a51db3372fd15447ad9884ff31321145c1f95cf3c9ec73f87d3cde700041bf2b
Instruction Fuzzy Hash: 3971EF62F14B8185F700EF7AD8402ADB761EB95B94F904239DE9D2BB9ADF78D081C350

Function 00007FF763352670 Relevance: 7.2, APIs: 2, Strings: 2, Instructions: 156COMMON

Download Yara Rule

APIs

__std_fs_get_current_path.LIBCPMT ref: 00007FF7633526E8

Part of subcall function 00007FF76338BAAC: GetCurrentDirectoryW.KERNEL32 ref: 00007FF76338BAB4

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335288A

Part of subcall function 00007FF7632FFA60: __std_exception_copy.LIBVCRUNTIME ref: 00007FF7632FFAED

Strings

--type, xrefs: 00007FF76335267B
current_path(), xrefs: 00007FF763352890

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: CurrentDirectory__std_exception_copy__std_fs_get_current_path_invalid_parameter_noinfo_noreturn
String ID: --type$current_path()
API String ID: 2526998938-584980331
Opcode ID: 2e5e51b2a3e4999380e4a6033a9d9baaa221e04dab71b21e32a4ffa39bc7f9e3
Instruction ID: ece8b26f9fab35cc840e4655505931cbaba033c3c4f5c6c71f7a6db3efce377a
Opcode Fuzzy Hash: 2e5e51b2a3e4999380e4a6033a9d9baaa221e04dab71b21e32a4ffa39bc7f9e3
Instruction Fuzzy Hash: 0A519F62F10751C9EB50DBB5D8406AC7BB1FB48798F90422AEE5D67B98DF389481C320

Function 00007FF76332B520 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 142COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF76331DD8E: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF76331DEDD
Part of subcall function 00007FF76331DD8E: __std_fs_convert_narrow_to_wide.LIBCPMT ref: 00007FF76331DF15

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76332B741
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76332B747

Strings

User Data, xrefs: 00007FF76332B568
exists, xrefs: 00007FF76332B734

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: __std_fs_convert_narrow_to_wide_invalid_parameter_noinfo_noreturn
String ID: User Data$exists
API String ID: 522447391-1382609090
Opcode ID: 962ce83529798b44ec9cb2f329974acb72f6b2e5cf64a685e3c48d71ff55658b
Instruction ID: 8fd0789193d0982484e3dd6ac4d2c24e97a25f8548ca5da49fed73394f5f637b
Opcode Fuzzy Hash: 962ce83529798b44ec9cb2f329974acb72f6b2e5cf64a685e3c48d71ff55658b
Instruction Fuzzy Hash: 36518072B14B42C9EF40EF6AD4452AC7332EB45798F805639EA5C3BB99EE38D145C360

Function 00007FF7632FE510 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 127COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7632FE57E
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF7632FE5C6
_Getctype.LIBCPMT ref: 00007FF7632FE604

Strings

bad locale name, xrefs: 00007FF7632FE6BD

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: std::_$GetctypeLocinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 1612978173-1405518554
Opcode ID: 795a358b199044d064d161f202aa8d36907fafd946ce211341e9f69cef004bf1
Instruction ID: 188e564e6c2f34ad659323d34af7446cee20cf16108f7f46ba5f8dd8d955e3db
Opcode Fuzzy Hash: 795a358b199044d064d161f202aa8d36907fafd946ce211341e9f69cef004bf1
Instruction Fuzzy Hash: 6A518A22B09B41CAEB81EF61D8902BCB3A5AF40748F884539DA4E37B95DF38D521C364

Function 00007FF76334783A Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 59COMMON

Download Yara Rule

APIs

ExitProcess.KERNEL32 ref: 00007FF763347977

Part of subcall function 00007FF76333F820: CoInitializeEx.OLE32 ref: 00007FF76333F8CE

OpenMutexA.KERNEL32 ref: 00007FF763347A7F
ExitProcess.KERNEL32 ref: 00007FF763347A8F

Strings

--key, xrefs: 00007FF763347899
--type, xrefs: 00007FF76334784E
APPB:, xrefs: 00007FF763347912

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: ExitProcess$InitializeMutexOpen
String ID: --key$--type$APPB:
API String ID: 3710457153-2541764812
Opcode ID: da639d6e5cdad483fb40bed12fd4e3d8ae707f3430990bcd0b73f7d76dea2ddd
Instruction ID: 8e4033a337c4ee61c9abf8bc63729e22b215adc63150af352a88181c8a15803e
Opcode Fuzzy Hash: da639d6e5cdad483fb40bed12fd4e3d8ae707f3430990bcd0b73f7d76dea2ddd
Instruction Fuzzy Hash: AD213231A0DAC7D0EAA1BB62D8553FAE360EF91380FC05039D58D667AAEE2CD549C750

Function 00007FF76338B748 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 18libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(?,?,?,00007FF76338BE32), ref: 00007FF76338B75E
GetProcAddress.KERNEL32(?,?,?,00007FF76338BE32), ref: 00007FF76338B76E

Strings

kernel32.dll, xrefs: 00007FF76338B757
GetTempPath2W, xrefs: 00007FF76338B767

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: AddressHandleModuleProc
String ID: GetTempPath2W$kernel32.dll
API String ID: 1646373207-1846531799
Opcode ID: c3f39c1016d9644655c5748e6247c669a6b28aee860c03fb307b0288e1ef9cb8
Instruction ID: ac72d0943856cc6056ba55cb52c0a1cf37399a22f7820f55c1ea9fd3c02c9ce6
Opcode Fuzzy Hash: c3f39c1016d9644655c5748e6247c669a6b28aee860c03fb307b0288e1ef9cb8
Instruction Fuzzy Hash: FCE01271E18A82D2EB456B06F945075B761FF487C0B98803DD91E5B734DE3CD495C720

Function 00007FF7633502C0 Relevance: 6.4, APIs: 4, Instructions: 373COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763350827
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763350833
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76335083F
SysFreeString.OLEAUT32 ref: 00007FF763350857

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn$FreeString
String ID:
API String ID: 1965679434-0
Opcode ID: 12f2343ec10ebc4beab690ef4b10ae46424fb8a7ec555726e2b20f3022e7268b
Instruction ID: 26bbadf6f80aea709c764e959d46702e56f6bfcb23f463b42cfa644b3c2c9a43
Opcode Fuzzy Hash: 12f2343ec10ebc4beab690ef4b10ae46424fb8a7ec555726e2b20f3022e7268b
Instruction Fuzzy Hash: 6CF1A162B18B81C6FB40EB66D4503EDA762EB457A8F80453ADE5E27BDADF38D044C350

Function 00007FF763373118 Relevance: 6.3, APIs: 4, Instructions: 305fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleOutputCP.KERNEL32 ref: 00007FF76337319F
WriteFile.KERNEL32 ref: 00007FF763373466
WriteFile.KERNEL32 ref: 00007FF7633734AF
GetLastError.KERNEL32 ref: 00007FF763373570

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: FileWrite$ConsoleErrorLastOutput
String ID:
API String ID: 2718003287-0
Opcode ID: fb9ce0a8caca549bef5a8e8e1920a8c6df41992dac4b542e2e2b5d99276d3802
Instruction ID: 7078a4f7d037be327cdda6bc7af6ec4c99c1d5b1bf4b37df91fad6d5c4991033
Opcode Fuzzy Hash: fb9ce0a8caca549bef5a8e8e1920a8c6df41992dac4b542e2e2b5d99276d3802
Instruction Fuzzy Hash: 60D13732B08A81C9E751DF7AD8401ACB7B1FB067E9B944239CE4DA7B99CE38D406C354

Function 00007FF763373AF4 Relevance: 6.2, APIs: 4, Instructions: 218COMMONLIBRARYCODE

Download Yara Rule

APIs

GetConsoleMode.KERNEL32(?,?,?,?,00000000,?,?,00000000,00000000,?,00000000,00000000,00007FF763373A94), ref: 00007FF763373C17
GetLastError.KERNEL32(?,?,?,?,00000000,?,?,00000000,00000000,?,00000000,00000000,00007FF763373A94), ref: 00007FF763373CA1

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: ConsoleErrorLastMode
String ID:
API String ID: 953036326-0
Opcode ID: 71047c117e1be3189cb89e5b74bfb6f25562d693c831f8dfb3e4c4496a6ca128
Instruction ID: 8713bf973e6f4e374e798b2c20355fa73f9b28b8b553df57881efd12c29b393c
Opcode Fuzzy Hash: 71047c117e1be3189cb89e5b74bfb6f25562d693c831f8dfb3e4c4496a6ca128
Instruction Fuzzy Hash: F391D572F18652C5FB90AB6698806BCA7B0FB06BA9F844139DE0E77784CF38D441C764

Function 00007FF7633937E8 Relevance: 6.2, APIs: 4, Instructions: 159COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo.LIBCMT ref: 00007FF763393829
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7633938A9
_invalid_parameter_noinfo.LIBCMT ref: 00007FF7633938FD
_get_daylight.LIBCMT ref: 00007FF763393955

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo$_get_daylight
String ID:
API String ID: 72036449-0
Opcode ID: cf49e0592d0c650ec1e2f0b893b1cf8e88f8ffad24bae71d226c790b617eba14
Instruction ID: e7a50bc2ad653bca4b6a85319ad6c8535486196db6c9b85b5b16ac91b0149de8
Opcode Fuzzy Hash: cf49e0592d0c650ec1e2f0b893b1cf8e88f8ffad24bae71d226c790b617eba14
Instruction Fuzzy Hash: 8A51BEB2E0C606C6F7E8392A9805379E790AB41724F99403DDA5D773D6EA7CEC40C762

Function 00007FF763335A80 Relevance: 6.1, APIs: 4, Instructions: 146COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763335BD8
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763335BDE
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763335BE4
_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763335C4C

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID:
API String ID: 3668304517-0
Opcode ID: 80187849b2c3fc5827b9f9af02b94922c6536b1bb9af376066dece0b9a70b459
Instruction ID: ecbbc085fd5087e5b718ed681d63d92976e378a3d28be48098e40c46fecdd5e9
Opcode Fuzzy Hash: 80187849b2c3fc5827b9f9af02b94922c6536b1bb9af376066dece0b9a70b459
Instruction Fuzzy Hash: CD51AE72715B8581FA449F2AE05426DB3A5FB44F94F90863ADB9C27B99DF3CD4A0C340

Function 00007FF763325750 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF76332577B
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7633257A0

Part of subcall function 00007FF763326390: std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7633263FE
Part of subcall function 00007FF763326390: std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF763326446

std::_Facet_Register.LIBCPMT ref: 00007FF76332584B
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF763325896

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Locinfo::_Locinfo_ctorRegister
String ID:
API String ID: 4181401918-0
Opcode ID: 0ef2616fcc5399cb645ad342650983371f86b31a6cf8c916be02572b1d7a6817
Instruction ID: ed1093fa1c9ff3955068c9dc867d24c0ae7aa075db1bd6f4c09bf60a52a8a83e
Opcode Fuzzy Hash: 0ef2616fcc5399cb645ad342650983371f86b31a6cf8c916be02572b1d7a6817
Instruction Fuzzy Hash: 8541A621A18B45C0FB95EB17E440679E360FB44B94F880639EA8D677A9DF3CE581C720

Function 00007FF763313BC0 Relevance: 6.1, APIs: 4, Instructions: 90COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF763313BEB
std::_Lockit::_Lockit.LIBCPMT ref: 00007FF763313C10
std::_Facet_Register.LIBCPMT ref: 00007FF763313CBB
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF763313D06

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: std::_$LockitLockit::_$Concurrency::cancel_current_taskFacet_Register
String ID:
API String ID: 1168246061-0
Opcode ID: d73785c31b51268aaaa81e722761cd05a3bd9e846c840b8156701ed2f3cb5d06
Instruction ID: 4c7eb8c5ce0a50c4bc7d3286eb510db429b704c9add48885f294af509fc0f35a
Opcode Fuzzy Hash: d73785c31b51268aaaa81e722761cd05a3bd9e846c840b8156701ed2f3cb5d06
Instruction Fuzzy Hash: 14419C22B08B41C1EA95FB17E850379F760FB44BA4F980639DA8D177A5DE3CD441C760

Function 00007FF76338B92C Relevance: 6.1, APIs: 4, Instructions: 53COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 00007FF76338B975
GetLastError.KERNEL32 ref: 00007FF76338B983
WideCharToMultiByte.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00007FF763313E79), ref: 00007FF76338B9B8
GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,00000000,00007FF763313E79), ref: 00007FF76338B9C6

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: ByteCharErrorLastMultiWide
String ID:
API String ID: 203985260-0
Opcode ID: 9a4dc4f044481010f46556346e16a03dcc3346a8b305f7bba19c8a1af1585fcb
Instruction ID: ec9ba770cc2d60a4f59675cd944e151f7f9b578dda1fd26e1b18993192ea1f90
Opcode Fuzzy Hash: 9a4dc4f044481010f46556346e16a03dcc3346a8b305f7bba19c8a1af1585fcb
Instruction Fuzzy Hash: 4B212C72A18B86C6E7509F12E44432EBAB4FB98B94F640139DB8D67B54DF3CD411CB10

Function 00007FF76338B6D0 Relevance: 6.0, APIs: 4, Instructions: 34COMMON

Download Yara Rule

APIs

SetFileInformationByHandle.KERNEL32 ref: 00007FF76338B6F0
GetLastError.KERNEL32 ref: 00007FF76338B6FA
SetFileInformationByHandle.KERNEL32 ref: 00007FF76338B72D
GetLastError.KERNEL32 ref: 00007FF76338B737

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: ErrorFileHandleInformationLast
String ID:
API String ID: 275135790-0
Opcode ID: 4d562f91c227975d487e9ca190528b3c563a83711315297d7f69586703ffb772
Instruction ID: ee45d217652692c77580d725fbad6c3916e95953b9154bf55801c58775de273c
Opcode Fuzzy Hash: 4d562f91c227975d487e9ca190528b3c563a83711315297d7f69586703ffb772
Instruction Fuzzy Hash: 99F0D631A08283C2F7D47B66D4586B5AA90EF44740F940038F55E6EB94DE3DE584C330

Function 00007FF763321500 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 145COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF763321695
Concurrency::cancel_current_task.LIBCPMT ref: 00007FF7633216E1

Strings

conditional not closed, xrefs: 00007FF76332169B, 00007FF7633216BE

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: Concurrency::cancel_current_task_invalid_parameter_noinfo_noreturn
String ID: conditional not closed
API String ID: 73155330-2481790218
Opcode ID: 7e3dec843d3c2bdfcd9b88ea5898acdebe44c933704b2a18e631af7654d1b92d
Instruction ID: 4e96b38a8807801a67e6d1db33d684e73f85e839412a5c6672239ceb9ed9d538
Opcode Fuzzy Hash: 7e3dec843d3c2bdfcd9b88ea5898acdebe44c933704b2a18e631af7654d1b92d
Instruction Fuzzy Hash: 8851F773E08A86C1FA90EB1AD5405BDE761EF947C4F945136EA8E273A5DE3DD084C320

Function 00007FF76334C7A0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 138COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF76334C80E
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF76334C856

Strings

bad locale name, xrefs: 00007FF76334C92B

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 3988782225-1405518554
Opcode ID: ab8ba62c3cd29999f6b0c8d15e8c73ab141a4a8ccc7404b4129a8aa97d70c633
Instruction ID: e0b9b76cd4c83cf5857bbc24089521118e2ace63acf4150ce647ed65f65d4978
Opcode Fuzzy Hash: ab8ba62c3cd29999f6b0c8d15e8c73ab141a4a8ccc7404b4129a8aa97d70c633
Instruction Fuzzy Hash: 04516F32B09A01D9FB90EF62D8902BCB3A4EF54748F880439DA4E77B56DE38D559C354

Function 00007FF763326390 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 125COMMON

Download Yara Rule

APIs

std::_Lockit::_Lockit.LIBCPMT ref: 00007FF7633263FE
std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 00007FF763326446

Strings

bad locale name, xrefs: 00007FF763326525

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: std::_$Locinfo::_Locinfo_ctorLockitLockit::_
String ID: bad locale name
API String ID: 3988782225-1405518554
Opcode ID: 5c6dfc6788a541a7de62cbe8aa76ccea44fa1d3a9b5437bfa697362aa3e33669
Instruction ID: 6a1f7e2a53f03a81d1158fc4d67c7002a8c0233495ae1987903c46dcf40537de
Opcode Fuzzy Hash: 5c6dfc6788a541a7de62cbe8aa76ccea44fa1d3a9b5437bfa697362aa3e33669
Instruction Fuzzy Hash: 36518E32B09A01D9EB90EF72D8506BCB3A4EF54748F880439EA8E73B55DE38D551C364

Function 00007FF7633795D4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 122COMMONLIBRARYCODE

Download Yara Rule

APIs

Part of subcall function 00007FF76337E65C: _invalid_parameter_noinfo.LIBCMT ref: 00007FF76337E68F

_get_daylight.LIBCMT ref: 00007FF7633796EC
_get_daylight.LIBCMT ref: 00007FF7633796FD

Strings

?, xrefs: 00007FF76337967D

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _get_daylight$_invalid_parameter_noinfo
String ID: ?
API String ID: 1286766494-1684325040
Opcode ID: 948ea5093c49672d9cebe17e78a03e5ff2ff35b94c226735abaeefd0b52bf2dd
Instruction ID: c73559cd7ab7a8a40f5963e8be872925da0c376a5eb2fec276351ab66eb8bf17
Opcode Fuzzy Hash: 948ea5093c49672d9cebe17e78a03e5ff2ff35b94c226735abaeefd0b52bf2dd
Instruction Fuzzy Hash: F7412712A08682C5FBA0AF2794017BAD670EF82BA5F904339EE5C16BD5DE3CD441CB14

Function 00007FF7633737C4 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 100fileCOMMONLIBRARYCODE

Download Yara Rule

APIs

WriteFile.KERNEL32 ref: 00007FF7633738DB
GetLastError.KERNEL32 ref: 00007FF7633738FD

Strings

U, xrefs: 00007FF763373887

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: ErrorFileLastWrite
String ID: U
API String ID: 442123175-4171548499
Opcode ID: 3efb29d34a756b785a65299427448dbee74b57ff388e52a10932dd82dc16598c
Instruction ID: e5eca9ffd4c9aa4c412fd99882f268dcd91458a8a33c38f48f1a48ce413f7e71
Opcode Fuzzy Hash: 3efb29d34a756b785a65299427448dbee74b57ff388e52a10932dd82dc16598c
Instruction Fuzzy Hash: 3D41E332B18A81D1DB60AF26E8443A9B7A0FB89B95F804039EE4D97788DF3CD405C764

Function 00007FF76334B220 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 89COMMON

Download Yara Rule

APIs

_invalid_parameter_noinfo_noreturn.LIBCMT ref: 00007FF76334B366

Strings

false, xrefs: 00007FF76334B248
true, xrefs: 00007FF76334B241

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _invalid_parameter_noinfo_noreturn
String ID: false$true
API String ID: 3668304517-2658103896
Opcode ID: 06af256300836894cd400fb88b33984ac3fe2ce9c156be931ae753f98a0f9e29
Instruction ID: b6a8a2a5f05fe8696d877fc8feb25325be7b89a3568de083b494b7411e069b0a
Opcode Fuzzy Hash: 06af256300836894cd400fb88b33984ac3fe2ce9c156be931ae753f98a0f9e29
Instruction Fuzzy Hash: 12419163E18B85D9FB00DB76C8403EC6371EB59398F805335DAAD2679AEF689199C310

Function 00007FF763378948 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 58COMMON

Download Yara Rule

APIs

_set_errno_from_matherr.LIBCMT ref: 00007FF76337899C
_set_errno_from_matherr.LIBCMT ref: 00007FF763378A09

Strings

exp, xrefs: 00007FF763378977

Memory Dump Source

Source File: 00000000.00000002.2605406653.00007FF7632D1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00007FF7632D0000, based on PE: true

Associated: 00000000.00000002.2605379700.00007FF7632D0000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605486651.00007FF7633A8000.00000002.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605516766.00007FF7633D4000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605537973.00007FF7633D6000.00000008.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605557309.00007FF7633D9000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2605583383.00007FF7633DD000.00000002.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_7ff7632d0000_file.jbxd

Similarity

API ID: _set_errno_from_matherr
String ID: exp
API String ID: 1187470696-113136155
Opcode ID: 49f0d078269b54412d4ab26495e5ae6b104b468a2a1f1e9b5f5a5d1d2e07f27f
Instruction ID: 55bebd00ac4526f8a8e00958afa0b3ee83b294297ab35963812ff44638a94d19
Opcode Fuzzy Hash: 49f0d078269b54412d4ab26495e5ae6b104b468a2a1f1e9b5f5a5d1d2e07f27f
Instruction Fuzzy Hash: C4212836E14615CEE790EF79C4416AD77B0FB4A348B801539EA0DAAB4ADF38E540CB54

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF7633416A0 CryptUnprotectData,LocalFree,		0_2_00007FF7633416A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00007FF763307C80 CryptUnprotectData,LocalFree,_invalid_parameter_noinfo_noreturn,		0_2_00007FF763307C80

Source: Network traffic	Suricata IDS: 2049441 - Severity 1 - ET MALWARE Win32/Unknown Grabber Base64 Data Exfiltration Attempt : 192.168.2.7:49704 -> 176.124.204.206:15666
Source: Network traffic	Suricata IDS: 2050806 - Severity 1 - ET MALWARE [ANY.RUN] Meduza Stealer Exfiltration M2 : 192.168.2.7:49704 -> 176.124.204.206:15666
Source: Network traffic	Suricata IDS: 2050807 - Severity 1 - ET MALWARE [ANY.RUN] Possible Meduza Stealer Exfiltration (TCP) : 192.168.2.7:49704 -> 176.124.204.206:15666

Source: Joe Sandbox View	IP Address: 176.124.204.206 176.124.204.206
Source: Joe Sandbox View	IP Address: 104.26.13.205 104.26.13.205
Source: Joe Sandbox View	IP Address: 104.26.13.205 104.26.13.205

Source: unknown	DNS query: name: api.ipify.org
Source: unknown	DNS query: name: api.ipify.org

Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206
Source: unknown	TCP traffic detected without corresponding DNS query: 176.124.204.206

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Firewall: Firewall Enumeration, Firewall: Firewall Metadata, Process: OS API Execution, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may look for details about the network configuration and settings, such as IP and/or MAC addresses, of systems they access or through information discovery of remote systems. Several operating system administration utilities exist that can be used to gather this information. Examples include Arp , ipconfig / ifconfig , nbtstat , and route .
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to take screen captures of the desktop to gather information over the course of an operation. Screen capturing functionality may be included as a feature of a remote access tool used in post-compromise operations. Taking a screenshot is also typically possible through native utilities or API calls, such as `CopyFromScreen` , `xwd` , or `screencapture` .
Tactics:	Collection
Data Sources:	Command: Command Execution, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Memory Dumps

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Malware Analysis System Evasion

Anti Debugging

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Static File Info

General

File Icon

Static PE Info

General

Entrypoint Preview

Data Directories

Sections

Resources

Imports

Possible Origin

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

DNS Queries

DNS Answers

HTTPS Proxied Packets

Statistics

Windows Analysis Report
file.exe

Function 00007FF763358CC0 Relevance: 59.9, APIs: 33, Strings: 1, Instructions: 374
windowCOMMON

Function 00007FF76335B410 Relevance: 52.1, APIs: 19, Strings: 10, Instructions: 1387
COMMON

Function 00007FF7633471A0 Relevance: 39.1, APIs: 18, Strings: 4, Instructions: 592
COMMON

Function 00007FF76330D510 Relevance: 35.9, APIs: 17, Strings: 3, Instructions: 864
libraryloaderCOMMON

Function 00007FF763331A80 Relevance: 30.3, APIs: 11, Strings: 6, Instructions: 571
COMMON

Function 00007FF763301D4E Relevance: 28.8, APIs: 10, Strings: 6, Instructions: 804
COMMON

Function 00007FF76338BAE8 Relevance: 27.2, APIs: 18, Instructions: 229
fileCOMMON

Function 00007FF76330C9C0 Relevance: 21.7, APIs: 11, Strings: 1, Instructions: 668
COMMON

Function 00007FF763361B00 Relevance: 21.4, APIs: 11, Strings: 1, Instructions: 421
COMMON

Function 00007FF763357BC0 Relevance: 19.9, APIs: 13, Instructions: 431
networkCOMMON

Function 00007FF76330E5A0 Relevance: 16.1, APIs: 8, Strings: 1, Instructions: 324
processCOMMON

Function 00007FF7633529E0 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 193
networkCOMMON

Function 00007FF7633514B0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 192
windowCOMMON

Function 00007FF763340390 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 118
COMMON

Function 00007FF76335AAE6 Relevance: 16.9, APIs: 11, Instructions: 377
COMMON

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre